
Ok, so this is a very basic cryptography question. I have captured a message from an Android app to a server. I believe this app may be stealing information from the phone it is on so I'm running it in a sandbox. Interestingly enough it looks like the application exports the key along with the encrypted blob. So I was wondering if there was any software I can put the encrypted blob in and it can try to decrypt it with all popular encryption methods. I have tried to decrypt using a couple decryption schemes.. but it would be pretty time consuming to try everything out there manually.

Here's the encrypted blob if anyone wants to take a crack at it. All the info on the sandboxed phone is fake info so don't worry about exposing my personal info if you post what's in it.

{"key":"lw1RuD0T","timestamp":"1500005457","data":"VlfTYefsS6ikoUIY3+b6XJRdh\\/I9q7N0B5ke63KEFOTHFgjJyiHCE6OzLFDP2zxVM2i5l63XOxYmhkkxJVKzdG966ztxAcxAkDlFwcMZ5pWSGq8KqtRzw6QiMEADjaIfNMLC7mmVC6okI+3AgfaFbvSQtRFDYQGWwyTNgAFnpFaNg9oe4qeRcqt6iaL4mKPyxXjf6595bsXOvCxoN\\/BqEnF90QkY0ifWlyIdMetNvlD0PVniXNDsJijtKrFN9sAOkjYZf2b3z2JYoEkSoL\\/ZEU3v2uu\\/qLEoVdEx3Ji5D8bgagnzP83O5oCcedpbdBmDzI3MEBAH933LH+ThaCjyNFsJ9pudVjB6NDJlKNsGW0Yr5GHqB+ron5Ki11ChsfrF"}

*Note, the data seems to be base64 encoded then encrypted. Obviously the double backslashes need to be stripped out then base64 decoded. Then the correct decryption needs to be used to get the data I believe.

*Note, There are a couple of questions out there on already that have to do with password storage, but this is different. Most passwords are stored in a hash, I am asking about an encryption.

Also, please don't tell me it is base64 encoded.. I'm aware. The best way to represent encrypted information is in a base64 encoding. So in order to decrypt something like this you need to base64 decode then decrypt :)

MikeSchem
  • You can successfully apply the given `key` as a simple XOR to the `data` and thus it will successfully "decrypt". You can also use `md5(key)` instead and then XOR, still successful. This means - as long as you don't have any way to validate the result of the decryption practically any made up algorithm could be used for "successful decryption". Thus while it might not be a duplicate it cannot be answered. – Steffen Ullrich Jul 14 '17 at 16:15
  • @Xander No, that question is about password storage, which is hashed, not encrypted – MikeSchem Jul 14 '17 at 16:34
  • @SteffenUllrich tried XOR, nothing intelligible. While this is a good suggestion, I'm looking for a tool that can run through all possible encryption schemes and see if there are a couple that could work based on certain aspects of the encrypted blob and key. – MikeSchem Jul 14 '17 at 16:36
  • @Xander: what exactly is *nothing intelligible* ? And what you consider *intelligible*? As long as you can not come up with a specification what you expect as a result of the decryption it is impossible to say if a decryption was successful or not. – Steffen Ullrich Jul 14 '17 at 16:41
  • @SteffenUllrich Xander's inclination is correct. The encrypted data should be something intelligible (i.e. a sentence, some words, etc.). I really just need a program that tries to compute the decryption with that key on every major encryption scheme. – MikeSchem Jul 14 '17 at 18:28
  • @MikeSchem: the key is 8 characters ASCII. Thus it might be a 64 bit binary key but unlikely. It is probably more 6 Byte binary, i.e. 48 bit. No current major encryption scheme uses such small keys which means that if any of these is used some key stretching is involved, maybe using a secret or salt known only to the recipient. And that's just one of the many ways one could go - there could also be proprietary encryption schemes etc. And this is just assuming that what you see is encrypted at all and the key is related to the encryption key - which is only speculation currently. – Steffen Ullrich Jul 14 '17 at 18:43
  • @SteffenUllrich thanks for the insight. That all makes sense to me. In this instance there may be no way to find out what encryption type it is. I'm really just looking for a tool in general to tell me what the possibilities are. Just like you identified that the key would have to be stretched, for another data set the key might be the right length, and in that case I'd want to know what the options could be. In addition, can the same type of analysis you used be used if I only had the encrypted blob? What would you look at first there? – MikeSchem Jul 14 '17 at 19:05
  • @MikeSchem: I don't think there is a general answer. And I don't think there is a tool where you could throw in some encrypted data and it figures out algorithm and original text even if you don't know what the plain text really should look like. But, there is openssl with lots of algorithms, it has bindings in python and other languages and with some coding one can quickly create a tool suitable for a specific purpose - provided one has more clear ideas of how to proceed and does not expect magic. – Steffen Ullrich Jul 14 '17 at 19:26
  • There is no way to enumerate all possibilities because the number of possibilities is countably infinite. As one example, consider that many login mechanisms choose to hash a password multiple times (i.e. 10,000 times) for the sole purpose of slowing the calculation down. – Cort Ammon Jul 15 '17 at 00:29
  • @CortAmmon again, not passwords nor hashing. I do realize you can encrypt things over and over (i.e. triple DES), but I was looking for just the common ones. – MikeSchem Jul 18 '17 at 01:32
  • Have you tried reverse engineering the application? – Shiv Sahni Feb 22 '18 at 17:45

0 Answers
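The size-based triage discussed in the comments above (ciphertext length against block sizes, the key read as 8 ASCII bytes or as 6 base64-decoded bytes) can be scripted. The following is an added example, not code from any participant in the thread; the cipher table, the function names and the 48-byte stand-in ciphertext are assumptions made for illustration, and only the `key` and `timestamp` values are taken from the question.

```python
import base64, json, math
from collections import Counter

# name: (key sizes accepted in bytes, block size in bytes; 1 = stream cipher)
CIPHERS = {
    "DES": ((8,), 8),
    "3DES": ((16, 24), 8),
    "Blowfish": (range(4, 57), 8),
    "AES": ((16, 24, 32), 16),
    "RC4": (range(1, 257), 1),
}

def decode_data(raw_json):
    """Parse the message, drop stray backslashes left by escaped '/', base64-decode."""
    msg = json.loads(raw_json)
    return msg, base64.b64decode(msg["data"].replace("\\", ""), validate=True)

def key_forms(key):
    """Possible byte interpretations of the printable key field."""
    forms = {"ascii": key.encode("ascii")}
    try:
        forms["base64"] = base64.b64decode(key, validate=True)
    except ValueError:
        pass  # not valid base64, keep only the ASCII reading
    return forms

def entropy(data):
    """Shannon entropy in bits per byte (at most log2(len(data)) for short inputs)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(raw_json):
    """List (key form, key length, cipher) combinations the sizes do not rule out."""
    msg, ct = decode_data(raw_json)
    fits = []
    for form, kb in key_forms(msg["key"]).items():
        for name, (sizes, block) in CIPHERS.items():
            if len(kb) in sizes and len(ct) % block == 0:
                fits.append((form, len(kb), name))
    return {"ct_len": len(ct), "entropy": entropy(ct), "fits": fits}

# Constructed stand-in ciphertext (48 bytes), wrapped like the captured message.
_ct = bytes((i * 37 + 11) % 256 for i in range(48))
SAMPLE = json.dumps({"key": "lw1RuD0T", "timestamp": "1500005457",
                     "data": base64.b64encode(_ct).decode().replace("/", "\\/")})

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A combination appearing in `fits` only means the sizes are compatible; it says nothing about key stretching, a proprietary scheme, or whether the `key` field is the encryption key at all.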