Re: Some BGT internals questions

@2, I disagree. Knowing this information is an extremely useful thing to know. An adversary can easily figure out this information if trying to crack the cipher the usual way. However, I can make some theories:
1) The cipher mode was most likely CBC or CTR (cipher block chaining or counter). I significantly doubt he used ECB. CBC is vulnerable to a padding oracle attack, whereas CTR is not, but this is a minor implementation detail for something like BGT.
2) Considering how intelligent Philip is, I doubt he used the password/key you entered as the real "encryption key". I can deduce this from the fact that, when breaking the algorithm by using the bytecode in my favor, as well as knowing where everything was in memory (all the time), the key was definitely not ASCII. Usually it was a ton of Unicode characters, including some control characters. Using this as a deduction guide, I can assume, with a relatively high chance of being right, that he used a key derivation function (KDF) like PBKDF2 (or something else), or hashed the password and then used the raw digest as the key. Alternatively, he also might've used a keyed hash. The advantage to either approach is that while I could decrypt anything encrypted, I never truly knew the string you passed to any of the encryption functions because I would get the resulting key that the engine generated (rather than the data you passed to the function).
I could be totally wrong, though. He may have used any other cipher mode or method of storing or deriving cryptographic keys.

-- 
Audiogames-reflector mailing list
Audiogames-reflector@sabahattin-gucukoglu.com
https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
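The three derivation options named in the post above, as an added example that is not part of the original post and is not BGT's actual scheme: it derives a key from a password with PBKDF2, a raw digest and a keyed hash, measures how little of each key is printable ASCII, and shows that holding the derived key is enough to decrypt without knowing the password. The salt, the engine secret, the sample password and the HMAC-based counter-mode stand-in cipher are all assumptions constructed for the illustration.

```python
import hashlib
import hmac

# All values below are constructed for illustration; none come from BGT.
SALT = b"constructed-salt"                    # hypothetical salt
ENGINE_SECRET = b"constructed-engine-secret"  # hypothetical keyed-hash secret


def derive_keys(password: str) -> dict:
    """Derive a 32-byte key from a password in the three ways the post lists."""
    pw = password.encode("utf-8")
    return {
        "pbkdf2": hashlib.pbkdf2_hmac("sha256", pw, SALT, 100_000, dklen=32),
        "raw_digest": hashlib.sha256(pw).digest(),
        "keyed_hash": hmac.new(ENGINE_SECRET, pw, hashlib.sha256).digest(),
    }


def printable_fraction(key: bytes) -> float:
    """Share of bytes in the printable ASCII range 0x20..0x7e."""
    return sum(0x20 <= b <= 0x7E for b in key) / len(key)


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode stand-in: XOR with HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def demo() -> dict:
    password = "hunter2-constructed"
    keys = derive_keys(password)
    key = keys["pbkdf2"]
    nonce = b"\x00" * 8  # fixed only to keep the demo deterministic
    ciphertext = ctr_xor(key, nonce, b"saved game data, constructed sample")
    # Whoever lifts `key` from memory decrypts without ever seeing the password.
    recovered = ctr_xor(key, nonce, ciphertext)
    return {
        "recovered": recovered,
        "password_in_key": password.encode() in key,
        "printable": {name: printable_fraction(k) for name, k in keys.items()},
    }


if __name__ == "__main__":
    print(demo())
```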