Challenge : Sfx encrypted file, to verify it's security level

General discussion for topics related to the FreeBASIC project or its community.
Post Reply
marpon
Posts: 342
Joined: Dec 28, 2012 13:31
Location: Paris - France

Challenge : Sfx encrypted file, to verify it's security level

Post by marpon »

Hi

I have been working on encrypt_decrypt features, and i've done an sfx creator for encrypted content.
the objective is to transfert data to others with some level of security ( not as professionnal)

Before using it, I am interrested to know how robust is it.

As i've seen some topics on crypto subjects in this forum, i wonder if it could be an interresting challenge,
so i will be happy if some of you can try to extract the content of that sfx .

i've put it on pcloud in public folder
https://my.pcloud.com/publink/show?code ... 8fSLVix7qX

thanks for your support.
Tourist Trap
Posts: 2958
Joined: Jun 02, 2015 16:24

Re: Challenge : Sfx encrypted file, to verify it's security level

Post by Tourist Trap »

Hi Marpon,

could you tell the peasant what is a "sfx". Does it have to be an EXE?

Thank you
marpon
Posts: 342
Joined: Dec 28, 2012 13:31
Location: Paris - France

Re: Challenge : Sfx encrypted file, to verify it's security level

Post by marpon »

yes sfx is the designation you can see on rar or other archivers

SFX for self extraction file, it has to be an executable, with embedded data.
Tourist Trap
Posts: 2958
Joined: Jun 02, 2015 16:24

Re: Challenge : Sfx encrypted file, to verify it's security level

Post by Tourist Trap »

marpon wrote:yes sfx is the designation you can see on rar or other archivers

SFX for self extraction file, it has to be an executable, with embedded data.
What I would try then is something like Uni-install (I may have forgotten the name /edit see below). You know the stuff that tries to decrypt self-installers.
But by hand, what can one do? Seems very hard.

https://portableapps.com/node/34460 -> universal extractor
seems the code is avaiable here: https://github.com/Bioruebe/UniExtract2
marpon
Posts: 342
Joined: Dec 28, 2012 13:31
Location: Paris - France

Re: Challenge : Sfx encrypted file, to verify it's security level

Post by marpon »

I know uniextract, i've used it for several years...

it use the archivers uncompress dll, or exe to uncompress files, it looks at the known signature of the compressed file to select the right tool to use.

Do not expect it will work for the challenge file, my objective is not to spray the info but to restrict it.
Tourist Trap
Posts: 2958
Joined: Jun 02, 2015 16:24

Re: Challenge : Sfx encrypted file, to verify it's security level

Post by Tourist Trap »

marpon wrote: Do not expect it will work for the challenge file, my objective is not to spray the info but to restrict it.
Of course.
After all we have full access to the exe, so it's more a job for a decompiler. I had one very good in the past with which I was looking at how to win the videogames :) But right now I can't remember anything (I think it was a limited version of IDA pro, an incredible tool anyway), and it was not a totally free software. Ok, let's see if someone will crack your code then.
dodicat
Posts: 7976
Joined: Jan 10, 2006 20:30
Location: Scotland

Re: Challenge : Sfx encrypted file, to verify it's security level

Post by dodicat »

Well marpon, I'm out!
sfx_challenge.exe went straight to quarantine, and on this system it is a one way ticket.(Like a black hole in the centre of Win 10)
counting_pine
Site Admin
Posts: 6323
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Re: Challenge : Sfx encrypted file, to verify it's security level

Post by counting_pine »

As far as I know, there are no cryptographers or reverse engineering experts on the forum..
Compiled source code is a powerful obfuscation barrier, but an expert would probably be able to estimate a reasonable timeframe for cracking that step.
If you truly want to know how secure it is, share the algorithm with someone you trust, see if they can find any flaws.
Otherwise, if it's not a really trivial method (e.g. ROT13 transformation, BASE64 encoding), most people will quickly run out of patience, and it will never be cracked unless the NSA take an interest, or you try and use it as a method of DRM copy protection.
Tourist Trap
Posts: 2958
Joined: Jun 02, 2015 16:24

Re: Challenge : Sfx encrypted file, to verify it's security level

Post by Tourist Trap »

Just in case, and because it can help the author to watch at its own executable from an interesting perspective, I put this link to a decompiler suggested by srvaldez a few week ago. And tbis one is free.
viewtopic.php?f=3&t=27495
(seems developed by the nsa? didn't go too deep in this to tell...)
marpon
Posts: 342
Joined: Dec 28, 2012 13:31
Location: Paris - France

Re: Challenge : Sfx encrypted file, to verify it's security level

Post by marpon »

Thank's all for your remarks

@Tourist Trap
I will avoid to download exe from that kind of organisation, i do not want to give total access to my pc...

@counting_pine
it's what i bet, put enougth difficulties for the people versus interrest
as i said it is for 'private' usage not commercial.
what i do not like is to use the well known zip, rar... tools, i'm sure their protection features have already been decoded by some organisation

@dodicat
sorry, but i'm interrested on what kind of anti-virus you are using.
i've been submitting the exe to VirusTotal, and only 3 on 71 got false positive detection
Post Reply