How to Find Encryption Type by Seeing Encrypted Text?

Question

When I submit an Customer Reference ID in an Android Application it POSTs an Encrypted String to an API Endpoint.

For example, if I enter the following CR ID :

"CR-13261150"

it POSTs the following Encrypted Data:

splainText : "vpEz/Vm8Yi9v5/fzNE+MDoMIQGZ0vNvjPuX8UNAi26c="

     Count : 31

i can say count is based on Length of Customer ID,if the lenght is 11 then count is 31. (But All Valid Customer ID will have Length 11 for Sure)

Now let's assume if I submit the same CR ID in the following minute the Encrypted String Changes. But if I submit the same CR ID in the very same minute then for some reason I get the very same Encrypted String.

Please tell Me Which Encyption Method was Used and How to Decrypt it to Orginal Text.

Your second text looks like based encoded but that is not an encryption. If the actual data is encrypted then this is the end. A good encryption outputs data the is not distinguishable from random data. The only property you may be able to identify from the encrypted text if the algorithm is a block cipher or a stream cipher (based on it's length). — Robert, Mar 22 '22 at 19:12
Does this answer your question? [How to determine what type of encoding/encryption has been used?](https://security.stackexchange.com/questions/3989/how-to-determine-what-type-of-encoding-encryption-has-been-used) — user, Mar 22 '22 at 19:44
Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. — Community, Mar 22 '22 at 20:28
The problem isn't that the question was misunderstood, but rather that the question is off-topic here. We aren't the reverse engineering stack. — schroeder, Apr 05 '22 at 19:27

mti2935 · Answer 1 · 2022-03-22T21:20:29.037

3

This is XOR encryption, with the key d684babf42876f1a2246973928c118f642398921e150882c4f912b

The following python script will decrypt the cyphertext:

import base64

cyphertextb64='k9Ca7yroAX8CDvhUTeA512MYqADAcakNbrAK'
keyb16='d684babf42876f1a2246973928c118f642398921e150882c4f912b'

cyphertextb16=base64.b64decode(cyphertextb64).hex()

#XOR Decryption:
plaintexthex=hex(int(cyphertextb16, 16) ^ int(keyb16, 16))  

plaintextbytes=bytes.fromhex(plaintexthex[2:])
plaintext=plaintextbytes.decode("utf-8")
print(plaintext)

This produces the decrypted plaintext, which is:

ET Phone Home!!!!!!!!!!!!!!

Edit:

In response to the question in the comment below about how I went about reverse-engineering this:

First, I did this to show that questions like this are pointless, because you can use a cipher like XOR to make any ciphertext decrypt to any plaintext you want, using a carefully chosen key.

As to how I chose the key: If you have A xor B = C then, the following is also true:

A xor C = B
C xor B = A

So, I made the given ciphertext A, and I made my wanted plaintext ('ET Phone Home!!!!!!!!!!!!!!') B, and used the first equation above to find the key, C.

This can be done using the following python script:

import base64

cyphertextb64='k9Ca7yroAX8CDvhUTeA512MYqADAcakNbrAK'
plaintext='ET Phone Home!!!!!!!!!!!!!!'
 
cyphertextb16=base64.b64decode(cyphertextb64).hex()
plaintextbytes=plaintext.encode("utf-8")
plaintextb16=plaintextbytes.hex()

#XOR:
key=hex( int(plaintextb16, 16) ^ int(cyphertextb16, 16) )

print('key:', key[2:])

Which produces:

key: d684babf42876f1a2246973928c118f642398921e150882c4f912b

Sure enough, 'decrypting' the given cyphertext by XORing it with the key above produces the wanted plaintext, as shown in the first script above.

edited Mar 22 '22 at 21:20

answered Mar 22 '22 at 20:34

mti2935

19,868
2
45
64

How do you go about reverse engineering that please? – Rodrigo Murillo Mar 22 '22 at 21:00
@RodrigoMurillo See edit that I made above in my answer. – mti2935 Mar 22 '22 at 21:20
Ah... chosen plain text! Got it well done thanks – Rodrigo Murillo Mar 22 '22 at 21:43
3

@RodrigoMurillo I'd argue it's the infamous chosen key-attack ;) – vidarlo Mar 22 '22 at 23:03
1

@mti2935 Totally disagree, as explained in great detail in my completely different answer. ;) – hft Mar 22 '22 at 23:28
1

Very clever, @hft! – mti2935 Mar 22 '22 at 23:40
2

Agreed @vidarlo clever. Never learned so much from a "bad" question. Thanks – Rodrigo Murillo Mar 23 '22 at 00:08
@RodrigoMurillo see https://security.stackexchange.com/questions/217862/what-if-the-attacker-tamper-the-iv-used-in-the-block-cipher-cbc-mode/ for how a similar type of attack can be used with AES-CBC decryption, when the integrity of the IV is not verified. – mti2935 Mar 28 '22 at 22:00

score 1 · Answer 2 · answered Mar 22 '22 at 23:27

This is XOR encryption with the key c1bff2865e80211e71659d306d8119b5027c8871b514da7907df64

The following python script will decrypt the cyphertext:

import base64

cyphertextb64='k9Ca7yroAX8CDvhUTeA512MYqADAcakNbrAK'
keyb16='c1bff2865e80211e71659d306d8119b5027c8871b514da7907df64'

cyphertextb16=base64.b64decode(cyphertextb64).hex()

#XOR Decryption:
plaintexthex=hex(int(cyphertextb16, 16) ^ int(keyb16, 16))  

plaintextbytes=bytes.fromhex(plaintexthex[2:])
plaintext=plaintextbytes.decode("utf-8")
print(plaintext)

This produces the decrypted plaintext, which is:

`Rohith asked a bad question`

How to Find Encryption Type by Seeing Encrypted Text?

2 Answers2

Linked