Meganet VME
/*
* You might have heard of Meganet's "Virtual Matrix Encryption." They've
* had a series of "crack this code" contests, but won't tell us how their
* code works. The program below was reverse-engineered from the shareware
* software which is available on their web site, and can decrypt VME files.
* This is not a cracking program (you need to supply the required secret
* information in order to decrypt) but maybe someone can use it to build
* one.
*
* If you try to decrypt Meganet's old encrypted challenge files with this
* code, you'll get garbage. However, it's exactly the same garbage that
* you'll get if you decrypt the files with their shareware software. This
* is not due to the much-hyped "Date Limiting Algorithm" (see below for
* details). Apparantly either a) the shareware version is broken, or
* b) Meganet decided to make certain nobody would win the challenge by
* encrypting random numbers instead of a meaningful file. This code can
* correctly decrypt files that were encrypted with the shareware version.
*/
#include
#include
#include
int vme_decrypt(FILE *data_file, char *passwords[], FILE *config_file,
FILE *secret_file, FILE *out_file);
/* Test driver. Sorry there isn't a proper user interface here. */
int main()
{
FILE *data_file, *config_file, *secret_file, *out_file;
char *passwords[] = {
"[EMAIL PROTECTED]", /* sender */
"[EMAIL PROTECTED]", /* recipient */
"VME Challenge 2001", /* description */
"", /* password */
};
data_file = fopen("vme2001.vme", "rb");
config_file = fopen("vme2001.cfg", "rb");
secret_file = fopen("vme2001.txt", "rb");
out_file = fopen("decrypt.out", "wb");
if ( vme_decrypt(data_file, passwords, config_file, secret_file, out_file) )
printf("Decryption failed\n");
return 0;
}
/* There are a number of incompatible changes between
the 2000 and 2002 versions. */
/* #define VME_2002 1 */
#define VME_NUM_PASS 4
#define VME_PASS_SIZE 0x40
#define VME_KEY_SIZE 0x10
#define VME_BUF_SIZE 0x100
#define VME_MBK_SIZE 0x8000
#define VME_MAXINT 0xu
#define SWAP(x,y) { int temp = (x); (x) = (y); (y) = temp; }
#define LROT(x,y) ( ((x)<<(y) | (x)>>(8-(y))) & 0xff )
#define RROT(x,y) ( ((x)>>(y) | (x)<<(8-(y))) & 0xff )
#define VME_RAND(r) ( (r)=((r)*0x19660du+0x3c6ef35fu)&VME_MAXINT )
#define VME_RAND8(r) ( (r)=((r)*0x0d+0x5f)&0xff )
struct vme_state {
int num_funcs, have_secret, key_xor, randb1, randb10;
unsigned main_key;
unsigned char func_order[VME_KEY_SIZE], key_order[VME_KEY_SIZE];
unsigned char key3[VME_KEY_SIZE];
unsigned char stk[VME_BUF_SIZE], key1[VME_BUF_SIZE], key2[VME_BUF_SIZE];
unsigned char perm1[VME_BUF_SIZE], perm2[VME_BUF_SIZE];
unsigned char invperm2[VME_BUF_SIZE], mul[VME_BUF_SIZE];
unsigned char rmbk1[VME_BUF_SIZE], rmbk2[VME_BUF_SIZE];
unsigned char rmbk3[VME_BUF_SIZE], rmbk4[VME_BUF_SIZE];
unsigned char mbk1[VME_MBK_SIZE], mbk2[VME_MBK_SIZE];
unsigned char mbk3[VME_MBK_SIZE], mbk4[VME_MBK_SIZE];
};
static int vme_load_config(FILE *config_file, struct vme_state *vme);
static int vme_load_stk(FILE *data_file, struct vme_state *vme);
static int vme_main_init(FILE *data_file, char *passwords[],
FILE *secret_file, struct vme_state *vme);
static void vme_key_init(struct vme_state *vme);
static void vme_mbk_init(FILE *secret_file, struct vme_state *vme);
static void vme_decrypt_loop(FILE *data_file, FILE *out_file,
struct vme_state *vme);
static int vme_table1(int c, int n, int k, struct vme_state *vme);
static int vme_table2(int c, int n, unsigned rand);
int vme_decrypt(FILE *data_file, char *passwords[], FILE *config_file,
FILE *secret_file, FILE *out_file)
{
struct vme_state vme;
if ( vme_load_config(config_file, &vme) ) return 1;
if ( vme_load_stk(data_file, &vme) ) return 1;
if ( vme_main_init(data_file, passwords, secret_file, &vme) ) return 1;
vme_key_init(&vme);
vme_mbk_init(secret_file, &vme);
vme_decrypt_loop(data_file, out_file, &vme);
return 0;
} /* vme_decrypt */
/*
* The configuration file gives the initial order of the functions applied
* to the data as it is encrypted.
*/
static int vme_load_config(FILE *config_file, struct vme_state *vme)
{
int i, c, f, n, rand_state;
if (config_file == NULL) return 1;
fseek(config_file, 0, SEEK_SET);
rand_state = 0xff;
n = 0;
for (i = 0; i < VME_KEY_SIZE; i++) {
c = getc(config_file);
if (c == EOF) return 1;
c ^= VME_RAND8(rand_state);
f = c >> 4;
vme->func_order[i] = f;
vme->key_order[i] = (f == 0xe) ? 0xe : c & 0xf;
if (f != 0xf) n = i;
}
vme->num_funcs = n + 1;
return 0;
} /* vme_load_config */
/*
* The enrypted file is prefixed with a 256-byte header which contains
* the Specific Transaction Key (STK) and some encoded information.
* Instead of using the manufacturer-recommended procedure to decode
* the information using the passwords, this code just does an
* exhaustive key search. You're going to bust a gut
Looking for an SSL blocking proxy
This is a multi-part message in MIME format. ---Next_Part--87L6KN4EFH0J Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Does anyone know if there exists a tool to perform SSL at the firewall level instead of at the browser so that I can watch my charges' internet downloading? I don't want to spy on them I only want to spy on those that do something they're not supposed to. As you well know, we can't have our most precious national resource, our children, talking to strangers about their sex lives, real or imagined. 'Cyber' is not funny, 'cyber' is not harmless. What they _think_ is a 15yo high school student in Pasadena _could in fact_ be a 19yo college student in *their* town. I won't abuse the system to get their hotmail passwords and read their mail, because we've already blocked hotmail.com and made them use mail and chat in which we can protect them from their baser urges. But they keep getting out over https:// and now there's this new Peek-at-booty that disguises itself as a credit card # upload. Although we have already dusted off our nuclear evacuation manuals in order to teach our children what to do if the sky starts to fall, 'duck and cover' will not cut it on the Internet. We must co-operate unquestioningly if we are to protect our nation's future from child sex predators and advocates of child sex predators. A child's life may be in your hands at this very instant. Think about it. A Responsible K-12 Sysadmin ---Next_Part--87L6KN4EFH0J Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Looking for an SSL blocking proxy Does anyone know if there exists a tool to perform SSL at the firewall level instead of at the browser so that I can watch my charges' internet downloading? I don't want to spy on them I only want to spy on those that do something they're not supposed to. As you well know, we can't have our most precious national resource, our children, talking to strangers about their sex lives, real or imagined. 'Cyber' is not funny, 'cyber' is not harmless. What they think is a 15yo high school student in Pasadena could in fact be a 19yo college student in their town. I won't abuse the system to get their hotmail passwords and read their mail, because we've already blocked hotmail.com and made them use mail and chat in which we can protect them from their baser urges. But they keep getting out over https:// and now there's this new Peek-at-booty that disguises itself as a credit card # upload. Although we have already dusted off our nuclear evacuation manuals in order to teach our children what to do if the sky starts to fall, 'duck and cover' will not cut it on the Internet. We must co-operate unquestioningly if we are to protect our nation's future from child sex predators and advocates of child sex predators. A child's life may be in your hands at this very instant. Think about it. A Responsible K-12 Sysadmin ---Next_Part--87L6KN4EFH0J--
RE: Looking for an SSL blocking proxy
First: I recognize that this post may be a troll. The poster is clued in enough to use cpunks_anon, but too clueless to turn off HTML posting - an odd combination. Also the language used (eg: "we must all cooperate unquestioningly") is a bit over the top. Second: Don't post in HTML. It makes you look like an idiot. Third: The short answer is NO. You can block requests to port 443, and maybe your firewall could try to recognize SSL sessions on other ports and block them. But to get what you are asking for the browser would also have to be modified to work together with the firewall to leave https requests clear until they got to the fw. I am not aware of any product that does this (I am not too up on current firewalls). Fourth: It is necessary that you "cooperate unquestioningly" with this list's agenda - not only should not be blocking access, you should be teaching your 'charges' how to use strong cryptography, remailers, and anonymizing proxies for their self-defense against predators, and how to protect their real identities online. That '19-yo college student' can't do squat if he doesn't know that his or her corrospondent is in the same town. Don't shield your charges: Make them invulnerable in their own right. That is true protection, and good parenting. > -- > From: CDR Anonymizer[SMTP:[EMAIL PROTECTED]] > Reply To: [EMAIL PROTECTED] > Sent: Thursday, April 04, 2002 2:02 PM > To: [EMAIL PROTECTED] > Subject: Looking for an SSL blocking proxy > > This is a multi-part message in MIME format. > ---Next_Part--87L6KN4EFH0J > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > > Does anyone know if there exists a tool to perform SSL at the > firewall level instead of at the browser so that I can watch my > charges' internet downloading? I don't want to spy on them I only > want to spy on those that do something they're not supposed to. > > As you well know, we can't have our most precious national resource, > our children, talking to strangers about their sex lives, real or > imagined. > > 'Cyber' is not funny, 'cyber' is not harmless. What they _think_ is > a 15yo high school student in Pasadena _could in fact_ be a 19yo > college student in *their* town. > > I won't abuse the system to get their hotmail passwords and read > their mail, because we've already blocked hotmail.com and made them > use mail and chat in which we can protect them from their baser urges. > But they keep getting out over https:// and now there's this new > Peek-at-booty that disguises itself as a credit card # upload. > > Although we have already dusted off our nuclear evacuation manuals > in order to teach our children what to do if the sky starts to fall, > 'duck and cover' will not cut it on the Internet. We must co-operate > unquestioningly if we are to protect our nation's future from child > sex predators and advocates of child sex predators. > > > A child's life may be in your hands at this very instant. > Think about it. > > A Responsible K-12 Sysadmin > > ---Next_Part--87L6KN4EFH0J > Content-Type: text/html; charset=us-ascii > Content-Transfer-Encoding: 7bit > > > > > > Looking for an SSL blocking proxy > > > > > Does anyone know if there exists a tool to perform SSL at the > firewall level instead of at the browser so that I can watch my > charges' internet downloading? I don't want to spy on them I only > want to spy on those that do something they're not supposed to. > > As you well know, we can't have our most precious national resource, > our children, talking to strangers about their sex lives, real or > imagined. > > 'Cyber' is not funny, 'cyber' is not harmless. What they think is > > a 15yo high school student in Pasadena could in fact be a 19yo > college student in their town. > > I won't abuse the system to get their hotmail passwords and read > their mail, because we've already blocked hotmail.com and made them > use mail and chat in which we can protect them from their baser urges. > > But they keep getting out over https:// > and now there's this new Peek-at-booty that disguises itself as > a credit card # upload. > > Although we have already dusted off our nuclear evacuation manuals > in order to teach our children what to do if the sky starts to fall, > 'duck and cover' will not cut it on the Internet. We must co-operate > unquestioningly if we are to protect our nation's future from child > sex predators and advocates of child sex predators. > > > A child's life may be in your hands at this very instant. > Think about it. > > A Responsible K-12 Sysadmin > > > > > > ---Next_Part--87L6KN4EFH0J-- > >
