JustinT wrote: |
A quick search may reveal other useful threads that discuss the aspects of a distinguishing attack; that is, a cryptanalytical technique for distinguishing between an actual, realized primitive and the theoretical, ideal model. |
max-in wrote: |
I am pretty sure that the EULA won't prohibit me from releasing an Open Source version of their software as there are 2 alternative clients which supported their older protocol. |
max-in wrote: |
None of them had to face any legal action. So I assume that they are ok with the idea of Open Source clients. |
max-in wrote: |
Here is a link to one of the alternative clients:
http://easysify.sourceforge.net/ |
Code: |
LOG OPENED 1st Dec 2005, 18:48
> OUT: Blah...
> IN: Blah....
- Statusbar changed to 'Checking server'
- Updates user list
User Fred added
User Mike comes back from busy
User Joe removed
- Statusbar changed to 'No messages waiting'
> OUT: Blah... |
max-in wrote: |
What I am NOT trying to do here is crack any proprietary software which will give me any personal benefits or cause any loss in revenue for the company. And certainly cracking their encryption isn't for any malicious intent. |
max-in wrote: |
I originally posted the question here to explore the possible options to analyze the encryption. Truthfully, I have no experience in identifying / breaking encryption algorithms. Just wanted to know that I wouldn't be going on a wild goose chase! Both of you have given me a wide variety of options. I will obtain packet dumps of the login / logoff sessions and start analyzing them! |
max-in wrote: |
P.S.: Their software comes with a file called crypt.dll. I googled for this DLL and found that it is generally used by Windows SSH clients. So could these guys be using SSL? After all, they are POSTing a form to a PHP script to authenticate the user. |
max-in wrote: |
M3DU54, I think you didn't get me.
--8<-- snip --8<-- If the OpenSource clients did exist and they supported the _new_ protocol then I wouldn't have asked for help in identifying the authentication scheme / encryption used by their client. |
max-in wrote: |
Thanks for your other ideas. BTW I am thinking of using OpenSSL in my code. |
Code: |
??0CAVDownld@@QAE@XZ
??0CAVTool@@QAE@XZ ??0CAntiviruschk@@QAE@XZ ??0CBB_MsgDlg@@QAE@PAVCWnd@@@Z ??0CChoiceDlg@@QAE@PAVCWnd@@@Z ??0CInstallStatusDlg@@QAE@PAVCWnd@@@Z ??0CLog@@QAE@ABV0@@Z ??0CLog@@QAE@XZ ??0CTranslation@@QAE@ABV0@@Z ??0CTranslation@@QAE@XZ ??1CAVDownld@@UAE@XZ ??1CAVTool@@UAE@XZ ??1CAntiviruschk@@UAE@XZ ??1CBB_MsgDlg@@UAE@XZ ??1CChoiceDlg@@UAE@XZ ??1CInstallStatusDlg@@UAE@XZ ??1CLog@@UAE@XZ ??1CTranslation@@UAE@XZ ??4CLog@@QAEAAV0@ABV0@@Z ??4CTranslation@@QAEAAV0@ABV0@@Z ??_7CAVDownld@@6B@ ??_7CAVTool@@6B@ ??_7CAntiviruschk@@6B@ ??_7CBB_MsgDlg@@6B@ ??_7CChoiceDlg@@6B@ ??_7CInstallStatusDlg@@6B@ ??_7CLog@@6B@ ??_7CTranslation@@6B@ ??_FCBB_MsgDlg@@QAEXXZ ??_FCChoiceDlg@@QAEXXZ ??_FCInstallStatusDlg@@QAEXXZ ?Char2Byte@CTranslation@@QAEDPAE@Z ?CheckOtherTools@CAntiviruschk@@QAEHXZ ?ChkAVInstall@CAntiviruschk@@QAEHXZ CreateLogMutex Crosier ?Decrypt@CTranslation@@QAGJPAG0PAUtagVARIANT@@@Z ?DeleteLogs@CLog@@SAXXZ ?DoDataExchange@CBB_MsgDlg@@MAEXPAVCDataExchange@@@Z ?DoDataExchange@CChoiceDlg@@MAEXPAVCDataExchange@@@Z ?DoDataExchange@CInstallStatusDlg@@MAEXPAVCDataExchange@@@Z ?DownloadInstall@CAntiviruschk@@QAEHHHPAVCWnd@@@Z ?GetCurrentUser@CLog@@SAHQAD@Z GetIPComponent ?GetMessageMap@CBB_MsgDlg@@MBEPBUAFX_MSGMAP@@XZ ?GetMessageMap@CChoiceDlg@@MBEPBUAFX_MSGMAP@@XZ ?GetMessageMap@CInstallStatusDlg@@MBEPBUAFX_MSGMAP@@XZ GetNICInfo ?Install@CAntiviruschk@@QAEXXZ ?OnCC@CChoiceDlg@@IAEXXZ ?OnCancel@CChoiceDlg@@MAEXXZ ?OnCc@CBB_MsgDlg@@IAEXXZ ?OnClose@CChoiceDlg@@IAEXXZ ?OnCtlColor@CBB_MsgDlg@@IAEPAUHBRUSH__@@PAVCDC@@PAVCWnd@@I@Z ?OnCtlColor@CChoiceDlg@@IAEPAUHBRUSH__@@PAVCDC@@PAVCWnd@@I@Z ?OnEraseBkgnd@CChoiceDlg@@IAEHPAVCDC@@@Z ?OnInitDialog@CBB_MsgDlg@@MAEHXZ ?OnInitDialog@CChoiceDlg@@MAEHXZ ?OnInitDialog@CInstallStatusDlg@@MAEHXZ ?OnInstallOver@CInstallStatusDlg@@IAEJIJ@Z ?OnLButtonDown@CBB_MsgDlg@@IAEXIVCPoint@@@Z ?OnNot@CBB_MsgDlg@@IAEXXZ ?OnOK@CBB_MsgDlg@@MAEXXZ ?OnOK@CChoiceDlg@@MAEXXZ ?OnPaint@CBB_MsgDlg@@IAEXXZ ?OnPaint@CChoiceDlg@@IAEXXZ ?OnPaint@CInstallStatusDlg@@IAEXXZ 
?OnSize@CBB_MsgDlg@@IAEXIHH@Z ?OnStartInstall@CInstallStatusDlg@@IAEJIJ@Z ?OnTimer@CBB_MsgDlg@@IAEXI@Z ?OnTimer@CInstallStatusDlg@@IAEXI@Z ?Parse_AntivirusInfo@CAntiviruschk@@QAEHPAUIXMLDOMNode@MSXML@@@Z ReadFromRegistry RetrieveChkSum ?SetInfoMsg@CBB_MsgDlg@@QAEXVCString@@@Z ?SetInfoMsg@CChoiceDlg@@QAEXVCString@@@Z ?SetLogPath@CLog@@SAXXZ ?SetNo@CBB_MsgDlg@@QAEXXZ ?SetParams@CLog@@SAXHQAD@Z ?SetStatus@CInstallStatusDlg@@QAEXPAD@Z ?SetThreadHandle@CInstallStatusDlg@@QAEXPAX@Z ?SetYes@CBB_MsgDlg@@QAEXXZ ?String2Byte@CTranslation@@QAEHPADPAE@Z ?Translate@CTranslation@@QAGJPAG0PAUtagVARIANT@@@Z WriteDWToRegistry WriteToRegistry ?_GetBaseMessageMap@CBB_MsgDlg@@KGPBUAFX_MSGMAP@@XZ ?_GetBaseMessageMap@CChoiceDlg@@KGPBUAFX_MSGMAP@@XZ ?_GetBaseMessageMap@CInstallStatusDlg@@KGPBUAFX_MSGMAP@@XZ ?_messageEntries@CBB_MsgDlg@@0QBUAFX_MSGMAP_ENTRY@@B ?_messageEntries@CChoiceDlg@@0QBUAFX_MSGMAP_ENTRY@@B ?_messageEntries@CInstallStatusDlg@@0QBUAFX_MSGMAP_ENTRY@@B fetch_domain ?hf_LogBBErrors@CLog@@SAXHPADH@Z hf_StartProcess ?hf_WriteLog@CLog@@SAXPADH@Z httpdownload ?m_iOSVersion@CLog@@2HA ?m_szappPath@CLog@@2PADA ?m_szlogPath@CLog@@2PADA ?messageMap@CBB_MsgDlg@@1UAFX_MSGMAP@@B ?messageMap@CChoiceDlg@@1UAFX_MSGMAP@@B ?messageMap@CInstallStatusDlg@@1UAFX_MSGMAP@@B ?mf_Checkkey@CAntiviruschk@@QAEHPAD0@Z threadCreateSock .?AVCAVTool@@ .?AVCObject@@ .?AVCAVDownld@@ .?AVCAntiviruschk@@ |
kestasjk wrote: |
Have you tried asking them for a specification of the protocol? |
max-in wrote: |
I searched the DLLs that came with the software and found out that it had these functions. Why are they jumbled up?
--8<-- snip --8<--
What can I do to get at least the correct function names? From the looks of it, they are using some custom encryption. How should I proceed from here? |
max-in wrote: |
M3DU54, I haven't tried asking them for the protocol specs. I will try and ask them for the encryption algorithm info. Anyway, I tried searching for magic numbers to get the algorithm. But Google wasn't much of a help. Where will I get the magic numbers for the most common algorithms? |
max-in wrote: |
BTW I have already read up on some articles about API hooking. I will try to get info on these 'decorated' function names. Thanks for your time! |
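On the "jumbled" exports asked about in the thread: they are MSVC-decorated C++ names, which pack the class, member name, access level and calling convention into one string. The following is an added example (not code from the thread or from the vendor) that decodes just those fields for names taken from the posted export list; its lookup tables cover only the codes that appear in that list, and return and argument types are left undecoded.

```python
# Added example: partial decoder for 32-bit MSVC-decorated export names.
# Reads scope, name, access, cv-qualifier and calling convention only.
SPECIAL = {"0": "{ctor}", "1": "{dtor}", "4": "operator=",
           "_7": "`vftable'", "_F": "`default constructor closure'"}
ACCESS = {"A": "private:", "C": "private: static", "E": "private: virtual",
          "I": "protected:", "K": "protected: static", "M": "protected: virtual",
          "Q": "public:", "S": "public: static", "U": "public: virtual"}
DATA = {"0": "private: static data", "1": "protected: static data",
        "2": "public: static data", "6": "const"}
CV = {"A": "", "B": " const", "C": " volatile", "D": " const volatile"}
CALLCONV = {"A": "__cdecl", "E": "__thiscall", "G": "__stdcall", "I": "__fastcall"}

def undecorate(sym: str) -> str:
    if sym.startswith(".?AV"):                    # RTTI type descriptor name
        return "class " + sym[4:].split("@")[0] + " (RTTI type descriptor)"
    if not sym.startswith("?"):                   # plain C-style export
        return sym + " (not decorated)"
    body, special = sym[1:], None
    if body.startswith("?"):                      # ??0, ??1, ??_7: special member
        code = body[1:3] if body[1:2] == "_" else body[1:2]
        special = SPECIAL.get(code, "{special ?" + code + "}")
        body = body[1 + len(code):]
    qualified, _, enc = body.partition("@@")      # name@scope@@<type encoding>
    parts = qualified.split("@")
    name, scope = parts[0], parts[1:]
    if special is not None:                       # every part is scope here
        scope = parts
        name = {"{ctor}": parts[0], "{dtor}": "~" + parts[0]}.get(special, special)
    full = "::".join(list(reversed(scope)) + [name])  # scopes stored innermost first
    kind = enc[:1]
    if kind in DATA:
        return f"{DATA[kind]} {full}"
    if kind not in ACCESS:
        return f"{full} (encoding {enc!r} not handled)"
    if "static" in ACCESS[kind]:                  # no 'this', so no cv letter
        cv, conv = "", CALLCONV.get(enc[1:2], "?")
    else:
        cv, conv = CV.get(enc[1:2], ""), CALLCONV.get(enc[2:3], "?")
    return f"{ACCESS[kind]} {conv} {full}(...){cv}"

# Names copied from the export list posted in the thread.
SAMPLE = ["?Decrypt@CTranslation@@QAGJPAG0PAUtagVARIANT@@@Z", "??1CLog@@UAE@XZ",
          "?DeleteLogs@CLog@@SAXXZ", "?m_iOSVersion@CLog@@2HA", "RetrieveChkSum"]
if __name__ == "__main__":
    for s in SAMPLE:
        print(f"{s:52} -> {undecorate(s)}")
```

A full demangler such as `undname` from Visual Studio or DbgHelp's `UnDecorateSymbolName` also decodes the parameter and return types that this sketch skips.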