1

I'm trying to figure out how a given executable works. I know it's using AES-128 to encrypt and decrypt, but the specifics of the code are unknown. I can get the executable to encrypt and decrypt any data, as many times as I want. How can I go about determining the key and method used by this executable?

For example, I've noticed that hashing the same data repeatedly only differs in the very last 16 bytes of the 64 bytes of output. What else can I try that will help me obtain the key used?

Soumya
  • So you have the executable, have you tried a disassembler or debugger? – RoraΖ Jan 26 '15 at 20:24
  • I tried a disassembler, but the code it spits out is less than unusable. Maybe I'll try another one. I was hoping there might be an easier way. – Soumya Jan 26 '15 at 22:04

2 Answers

3

You can't feasibly obtain an AES key just by being able to encrypt and decrypt data of your choice. To broaden it a bit, no secure cipher lets you feasibly obtain the key, even if you can encrypt and decrypt as much data as you'd like. That's a combination of what's known as a chosen-plaintext attack and a chosen-ciphertext attack, and every modern cipher is designed to be secure against those. The only way to realistically obtain the key is through reverse-engineering; I'd focus all your efforts on that, not on trying attacks AES is designed to resist.

cpast
  • well technically if you can send 2^(key length) plaintext to be encrypted then you can extract the key by pure brute force, just not until the universe has died – ratchet freak Jan 26 '15 at 10:08
  • @ratchetfreak: It would be far easier to just brute force the key with only a small amount of input. – Jan 26 '15 at 10:22
  • @ratchetfreak Note the word "feasibly" in my answer. – cpast Jan 26 '15 at 15:50
2

If you are able to obtain a memory dump (of either the process or the entire system RAM), then AES keys (in their expanded form) are somewhat distinguishable; this project will scan the entire memory dump in seconds.

Tal Aloni
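The distinguishing property this answer relies on is that an AES-128 key schedule is 176 contiguous bytes in which every 4-byte word after the first four is a fixed function of earlier words, so a 16-byte window followed by its own expansion is, with overwhelming probability, a live key. The scanner below is an added example written for this page, not the tool the answer links to; it runs the FIPS-197 expansion word by word over a constructed sample image (pseudo-random filler with two planted schedules, one of them the FIPS-197 Appendix A.1 test key) and reports each offset whose following bytes match.

```python
import random

def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

_rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
_inv = [0] + [next(b for b in range(1, 256) if _gf_mul(a, b) == 1) for a in range(1, 256)]
# AES S-box: multiplicative inverse in GF(2^8) followed by the affine map.
SBOX = bytes(v ^ _rotl(v, 1) ^ _rotl(v, 2) ^ _rotl(v, 3) ^ _rotl(v, 4) ^ 0x63 for v in _inv)

def schedule_words(key):
    """Yield the 44 four-byte words of the FIPS-197 AES-128 key expansion."""
    w, rcon = [bytes(key[i:i + 4]) for i in range(0, 16, 4)], 1
    yield from w[:4]
    for i in range(4, 44):
        t = bytearray(w[i - 1])
        if i % 4 == 0:                           # RotWord, SubWord, xor Rcon
            t = bytearray(SBOX[x] for x in t[1:] + t[:1])
            t[0] ^= rcon
            rcon = _gf_mul(rcon, 2)
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
        yield w[i]

def expand_key(key):
    return b"".join(schedule_words(key))         # 176 bytes = 11 round keys

def find_aes128_keys(image):
    """Return (offset, key) for each 16-byte window followed by its own expansion."""
    hits = []
    for off in range(len(image) - 175):
        # Words are compared as they are generated, so most offsets fail at word 4.
        for i, word in enumerate(schedule_words(image[off:off + 16])):
            if image[off + 4 * i:off + 4 * i + 4] != word:
                break
        else:
            hits.append((off, bytes(image[off:off + 16])))
    return hits

# Constructed sample image: random filler plus two planted schedules at 700 and 1500 (KEY_A = FIPS-197 A.1 key).
KEY_A, KEY_B = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"), bytes(range(16))

def build_sample_image():
    filler = bytes(random.Random(7).getrandbits(8) for _ in range(2048))
    return (filler[:700] + expand_key(KEY_A) + filler[876:1500]
            + expand_key(KEY_B) + filler[1676:])
```

Only encryption-direction schedules are matched here; implementations that keep a separate decryption schedule, or that hold only the raw 16-byte key, need a different check. From the defender's side, the same property is why key material should be zeroed as soon as it is no longer needed.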