Challenge : Sfx encrypted file, to verify it's security level

For other topics related to the FreeBASIC project or its community.
marpon
Posts: 342
Joined: Dec 28, 2012 13:31
Location: Paris - France

Challenge : Sfx encrypted file, to verify it's security level

Postby marpon » May 02, 2019 16:49

Hi

I have been working on encrypt_decrypt features, and i've done an sfx creator for encrypted content.
the objective is to transfert data to others with some level of security ( not as professionnal)

Before using it, I am interrested to know how robust is it.

As i've seen some topics on crypto subjects in this forum, i wonder if it could be an interresting challenge,
so i will be happy if some of you can try to extract the content of that sfx .

i've put it on pcloud in public folder
https://my.pcloud.com/publink/show?code=XZ9U5U7ZMpHYE0O1Ly8rdjg0Rd8fSLVix7qX

thanks for your support.
Tourist Trap
Posts: 2762
Joined: Jun 02, 2015 16:24

Re: Challenge : Sfx encrypted file, to verify it's security level

Postby Tourist Trap » May 02, 2019 17:34

Hi Marpon,

could you tell the peasant what is a "sfx". Does it have to be an EXE?

Thank you
marpon
Posts: 342
Joined: Dec 28, 2012 13:31
Location: Paris - France

Re: Challenge : Sfx encrypted file, to verify it's security level

Postby marpon » May 02, 2019 17:37

yes sfx is the designation you can see on rar or other archivers

SFX for self extraction file, it has to be an executable, with embedded data.
Tourist Trap
Posts: 2762
Joined: Jun 02, 2015 16:24

Re: Challenge : Sfx encrypted file, to verify it's security level

Postby Tourist Trap » May 02, 2019 17:40

marpon wrote:yes sfx is the designation you can see on rar or other archivers

SFX for self extraction file, it has to be an executable, with embedded data.

What I would try then is something like Uni-install (I may have forgotten the name /edit see below). You know the stuff that tries to decrypt self-installers.
But by hand, what can one do? Seems very hard.

https://portableapps.com/node/34460 -> universal extractor
seems the code is avaiable here: https://github.com/Bioruebe/UniExtract2
marpon
Posts: 342
Joined: Dec 28, 2012 13:31
Location: Paris - France

Re: Challenge : Sfx encrypted file, to verify it's security level

Postby marpon » May 02, 2019 18:00

I know uniextract, i've used it for several years...

it use the archivers uncompress dll, or exe to uncompress files, it looks at the known signature of the compressed file to select the right tool to use.

Do not expect it will work for the challenge file, my objective is not to spray the info but to restrict it.
Tourist Trap
Posts: 2762
Joined: Jun 02, 2015 16:24

Re: Challenge : Sfx encrypted file, to verify it's security level

Postby Tourist Trap » May 02, 2019 18:10

marpon wrote:Do not expect it will work for the challenge file, my objective is not to spray the info but to restrict it.

Of course.
After all we have full access to the exe, so it's more a job for a decompiler. I had one very good in the past with which I was looking at how to win the videogames :) But right now I can't remember anything (I think it was a limited version of IDA pro, an incredible tool anyway), and it was not a totally free software. Ok, let's see if someone will crack your code then.
dodicat
Posts: 5938
Joined: Jan 10, 2006 20:30
Location: Scotland

Re: Challenge : Sfx encrypted file, to verify it's security level

Postby dodicat » May 02, 2019 19:01

Well marpon, I'm out!
sfx_challenge.exe went straight to quarantine, and on this system it is a one way ticket.(Like a black hole in the centre of Win 10)
counting_pine
Site Admin
Posts: 6172
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Re: Challenge : Sfx encrypted file, to verify it's security level

Postby counting_pine » May 03, 2019 13:51

As far as I know, there are no cryptographers or reverse engineering experts on the forum..
Compiled source code is a powerful obfuscation barrier, but an expert would probably be able to estimate a reasonable timeframe for cracking that step.
If you truly want to know how secure it is, share the algorithm with someone you trust, see if they can find any flaws.
Otherwise, if it's not a really trivial method (e.g. ROT13 transformation, BASE64 encoding), most people will quickly run out of patience, and it will never be cracked unless the NSA take an interest, or you try and use it as a method of DRM copy protection.
Tourist Trap
Posts: 2762
Joined: Jun 02, 2015 16:24

Re: Challenge : Sfx encrypted file, to verify it's security level

Postby Tourist Trap » May 03, 2019 18:29

Just in case, and because it can help the author to watch at its own executable from an interesting perspective, I put this link to a decompiler suggested by srvaldez a few week ago. And tbis one is free.
viewtopic.php?f=3&t=27495
(seems developed by the nsa? didn't go too deep in this to tell...)
marpon
Posts: 342
Joined: Dec 28, 2012 13:31
Location: Paris - France

Re: Challenge : Sfx encrypted file, to verify it's security level

Postby marpon » May 04, 2019 8:16

Thank's all for your remarks

@Tourist Trap
I will avoid to download exe from that kind of organisation, i do not want to give total access to my pc...

@counting_pine
it's what i bet, put enougth difficulties for the people versus interrest
as i said it is for 'private' usage not commercial.
what i do not like is to use the well known zip, rar... tools, i'm sure their protection features have already been decoded by some organisation

@dodicat
sorry, but i'm interrested on what kind of anti-virus you are using.
i've been submitting the exe to VirusTotal, and only 3 on 71 got false positive detection

Return to “Community Discussion”

Who is online

Users browsing this forum: Bing [Bot] and 25 guests