its a simple encryption, but decrypting it is another story. I’ll show the encryption code and explain what I’ve observed from there on.
CRC Table
static byte[] CRCTable = new byte[] {
0, 0x31, 0x62, 0x53, 0xc4, 0xf5, 0xa6, 0x97, 0xb9, 0x88, 0xdb, 0xea, 0x7d, 0x4c, 0x1f, 0x2e,
0x43, 0x72, 0x21, 0x10, 0x87, 0xb6, 0xe5, 0xd4, 250, 0xcb, 0x98, 0xa9, 0x3e, 15, 0x5c, 0x6d,
0x86, 0xb7, 0xe4, 0xd5, 0x42, 0x73, 0x20, 0x11, 0x3f, 14, 0x5d, 0x6c, 0xfb, 0xca, 0x99, 0xa8,
0xc5, 0xf4, 0xa7, 150, 1, 0x30, 0x63, 0x52, 0x7c, 0x4d, 30, 0x2f, 0xb8, 0x89, 0xda, 0xeb,
0x3d, 12, 0x5f, 110, 0xf9, 200, 0x9b, 170, 0x84, 0xb5, 230, 0xd7, 0x40, 0x71, 0x22, 0x13,
0x7e, 0x4f, 0x1c, 0x2d, 0xba, 0x8b, 0xd8, 0xe9, 0xc7, 0xf6, 0xa5, 0x94, 3, 50, 0x61, 80,
0xbb, 0x8a, 0xd9, 0xe8, 0x7f, 0x4e, 0x1d, 0x2c, 2, 0x33, 0x60, 0x51, 0xc6, 0xf7, 0xa4, 0x95,
0xf8, 0xc9, 0x9a, 0xab, 60, 13, 0x5e, 0x6f, 0x41, 0x70, 0x23, 0x12, 0x85, 180, 0xe7, 0xd6,
0x7a, 0x4b, 0x18, 0x29, 190, 0x8f, 220, 0xed, 0xc3, 0xf2, 0xa1, 0x90, 7, 0x36, 0x65, 0x54,
0x39, 8, 0x5b, 0x6a, 0xfd, 0xcc, 0x9f, 0xae, 0x80, 0xb1, 0xe2, 0xd3, 0x44, 0x75, 0x26, 0x17,
0xfc, 0xcd, 0x9e, 0xaf, 0x38, 9, 90, 0x6b, 0x45, 0x74, 0x27, 0x16, 0x81, 0xb0, 0xe3, 210,
0xbf, 0x8e, 0xdd, 0xec, 0x7b, 0x4a, 0x19, 40, 6, 0x37, 100, 0x55, 0xc2, 0xf3, 160, 0x91,
0x47, 0x76, 0x25, 20, 0x83, 0xb2, 0xe1, 0xd0, 0xfe, 0xcf, 0x9c, 0xad, 0x3a, 11, 0x58, 0x69,
4, 0x35, 0x66, 0x57, 0xc0, 0xf1, 0xa2, 0x93, 0xbd, 140, 0xdf, 0xee, 0x79, 0x48, 0x1b, 0x2a,
0xc1, 240, 0xa3, 0x92, 5, 0x34, 0x67, 0x56, 120, 0x49, 0x1a, 0x2b, 0xbc, 0x8d, 0xde, 0xef,
130, 0xb3, 0xe0, 0xd1, 70, 0x77, 0x24, 0x15, 0x3b, 10, 0x59, 0x68, 0xff, 0xce, 0x9d, 0xac
};
the function
private void CodingToFile()
{
byte[] bytes;
this.DataCorrector(DateTime.Now);
string path = Environment.CurrentDirectory + "\\" + this.newCorrectedData;
byte index = 0;
int num2 = 0;
for (int i = 0; i < this.dataComming.Length; i++)
{
num2 = this.dataComming[i] + CRCTable[index];
bytes = BitConverter.GetBytes(num2);
this.dataComming[i] = bytes[0];
index = (byte) (index + 1);
}
for (int j = 0; j < this.DeviceIDCode.Length; j++)
{
num2 = CRCTable[this.DeviceIDCode[j]];
bytes = BitConverter.GetBytes(num2);
this.DeviceIDCode[j] = bytes[0];
}
try
{
if (File.Exists(path))
{
File.Delete(path);
}
using (FileStream stream = File.Create(path))
{
stream.Write(new byte[] { 0x2e, 0x66 }, 0, 2);
stream.Write(this.DeviceIDCode, 0, 7);
stream.Write(this.dataComming, 0, this.dataComming.Length);
stream.Close();
}
}
catch
{
}
this.flagAutomaticIDIsOK = false;
}
So first 2 bytes of the file aren’t really all that important, the next 7 bytes are just the DeviceID, I’m more interested in the dataComming section.
byte index = 0;
int num2 = 0;
for (int i = 0; i < this.dataComming.Length; i++)
{
num2 = this.dataComming[i] + CRCTable[index];
bytes = BitConverter.GetBytes(num2);
this.dataComming[i] = bytes[0];
index = (byte) (index + 1);
}
fyi this.dataComming is declared as a byte
so num2 is assigned a value of this.dataComming[i] + CRCTable[index] which could be a possible value of over 255 (maximum size of a byte) but below 511.
num2 gets convered into bytes (an int is a size of 4 bytes)
this.dataComming[i] = bytes[0] – but we are only reading 1 of the 4 bytes (but only 2 should really be occupied if I got my theory right)
So I want to reverse this and grab the data out, I don’t know any .NET, so I tried to do it in something simple like PHP but the result comes out as jibberish. Here’s what I got so far
PHP
`
$f = fopen("0208215642", "rb");
$CRCTable = array(
0, 0x31, 0x62, 0x53, 0xc4, 0xf5, 0xa6, 0x97, 0xb9, 0x88, 0xdb, 0xea, 0x7d, 0x4c, 0x1f, 0x2e,
0x43, 0x72, 0x21, 0x10, 0x87, 0xb6, 0xe5, 0xd4, 250, 0xcb, 0x98, 0xa9, 0x3e, 15, 0x5c, 0x6d,
0x86, 0xb7, 0xe4, 0xd5, 0x42, 0x73, 0x20, 0x11, 0x3f, 14, 0x5d, 0x6c, 0xfb, 0xca, 0x99, 0xa8,
0xc5, 0xf4, 0xa7, 150, 1, 0x30, 0x63, 0x52, 0x7c, 0x4d, 30, 0x2f, 0xb8, 0x89, 0xda, 0xeb,
0x3d, 12, 0x5f, 110, 0xf9, 200, 0x9b, 170, 0x84, 0xb5, 230, 0xd7, 0x40, 0x71, 0x22, 0x13,
0x7e, 0x4f, 0x1c, 0x2d, 0xba, 0x8b, 0xd8, 0xe9, 0xc7, 0xf6, 0xa5, 0x94, 3, 50, 0x61, 80,
0xbb, 0x8a, 0xd9, 0xe8, 0x7f, 0x4e, 0x1d, 0x2c, 2, 0x33, 0x60, 0x51, 0xc6, 0xf7, 0xa4, 0x95,
0xf8, 0xc9, 0x9a, 0xab, 60, 13, 0x5e, 0x6f, 0x41, 0x70, 0x23, 0x12, 0x85, 180, 0xe7, 0xd6,
0x7a, 0x4b, 0x18, 0x29, 190, 0x8f, 220, 0xed, 0xc3, 0xf2, 0xa1, 0x90, 7, 0x36, 0x65, 0x54,
0x39, 8, 0x5b, 0x6a, 0xfd, 0xcc, 0x9f, 0xae, 0x80, 0xb1, 0xe2, 0xd3, 0x44, 0x75, 0x26, 0x17,
0xfc, 0xcd, 0x9e, 0xaf, 0x38, 9, 90, 0x6b, 0x45, 0x74, 0x27, 0x16, 0x81, 0xb0, 0xe3, 210,
0xbf, 0x8e, 0xdd, 0xec, 0x7b, 0x4a, 0x19, 40, 6, 0x37, 100, 0x55, 0xc2, 0xf3, 160, 0x91,
0x47, 0x76, 0x25, 20, 0x83, 0xb2, 0xe1, 0xd0, 0xfe, 0xcf, 0x9c, 0xad, 0x3a, 11, 0x58, 0x69,
4, 0x35, 0x66, 0x57, 0xc0, 0xf1, 0xa2, 0x93, 0xbd, 140, 0xdf, 0xee, 0x79, 0x48, 0x1b, 0x2a,
0xc1, 240, 0xa3, 0x92, 5, 0x34, 0x67, 0x56, 120, 0x49, 0x1a, 0x2b, 0xbc, 0x8d, 0xde, 0xef,
130, 0xb3, 0xe0, 0xd1, 70, 0x77, 0x24, 0x15, 0x3b, 10, 0x59, 0x68, 0xff, 0xce, 0x9d, 0xac
);
fread($f, 9); //first 9 bytes are just program related information.
$index = 0;
while(!feof($f)) {
$baseValue = ord(fread($f,1)); //grab the ASCII value of the character.
$baseValue = abs($baseValue - intval($CRCTable[$index]));
echo chr($baseValue);
$index++;
if($index == count($CRCTable)) $index = 0; //we've reached the end of the CRCTable array.
}
fclose($f);
return;
?>
`
But I think I’m missing something in the $baseValue = … section, how do I make up for the loss of a byte from the .NET CodingToFile() function.
I’m sorry if this is confusing! I tried my best explaining it,
Anyhelp would be greatly appreciated (Actually you’d mean the world to me :D)
Cheers!
This is a Caesar cipher, with a 256-element key.
The encryption code can be simplified as follows:
Which makes the reversal obvious:
I have no idea why a CRC table is used as the key, it’s got way too much regularity to make a good encryption key. Of course, for an algorithm this weak, the key probably doesn’t matter.