XECryption algorithm decryption code

quirinus

Croatia2489 Posts

September 17 2013 09:14 GMT

I've been having fun solving challenges from Hack This Site!, challenging myself to use the knowledge I have, and to learn new things (especially about security, since I like to make a web page here and there).

Then I came upon a challenge (realistic 6) that requires you to decrypt a message that was encrypted using the XECryption algorithm. (don't continue reading this if you ever want to solve it without spoilers)

What the XECryption algorithm is about is (from here):

The password the user chose is first used to produce a number by adding the ASCII value of every character in the password to produce one large total. This number is used as the encryption key.
The message is encrypted by adding the password key is added to the ASCII value of each letter in the message, then it is divided by three. A random number between -10 and 10 is added to this new number. This becomes the first number in the series, and is repeated to produce the second number. The third number is the difference between the first two final numbers and the original ASCII value plus the password key. At the end, every letter in the encrypted message takes on the following format: ".193.144.164".
When decrypting, the password key is found in the same way that it's encrypted. Each triplet is added together, and then the password key is subtracted. This is the ASCII value of the letter.

My take on decrypting it:

Knowing the exact word/characters used for the key isn't important. Depending on the decryption concept used, you don't even need to know the key value.
So to get each encrypted character number, you have to add numbers 3 by 3.
If it's a normal English text, the most often character is obviously space (after that it's e).
That's why you find the most frequent number, and it should be the space.
Then you subtract the ASCII value of space from it (it's 32) to get the key value.*
Substract the key value from all the character values and turn them from ASCII values to characters.
Done.

If it doesn't give a sensible message, you can keep changing the number in * from 32 to something else, until you get a message that makes sense.

Another approach is:

Add numbers 3 by 3 to get encrypted character numbers.
Find the lowest encrypted character number.
Subtract it from every character number.
Keep increasing all character numbers by 1 until you get a sensible message (must be less than 256).

The first approach is automatic, but it doesn't work on weird messages (where weird is not having space be the most frequent character), unless you keep changing the number - which is pretty much the second approach.
The second approach works well with any kind of message, but it's not automatic, ie. you have to look at the message every time you change the number.

Anyways, I just wanted to share the code and what I've been up to, so here's the code (PHP) I made for the first approach, together with the encrypted message:
+ Show Spoiler [Code] +

<?php
$code = ".296.294.255.268.313.278.311.270.290.305.322.252.276.286.301.305.264.301.251.269.274.311.304.230.280.264.327.301.301.265.287.285.306.265.282.319.235.262.278.249.239.284.237.249.289.250.282.240.256.287.303.310.314.242.302.289.268.315.264.293.261.298.310.242.253.299.278.272.333.272.295.306.276.317.286.250.272.272.274.282.308.262.285.326.321.285.270.270.241.283.305.319.246.263.311.299.295.315.263.304.279.286.286.299.282.285.289.298.277.292.296.282.267.245.304.322.252.265.313.288.310.281.272.266.243.285.309.295.269.295.308.275.316.267.283.311.300.252.270.318.288.266.276.252.313.280.288.258.272.329.321.291.271.279.250.265.261.293.319.309.303.260.266.291.237.299.286.293.279.267.320.290.265.308.278.239.277.314.300.253.274.309.289.280.279.302.307.317.252.261.291.311.268.262.329.312.271.294.291.291.281.282.292.288.240.248.306.277.298.295.267.312.284.265.294.321.260.293.310.300.307.263.304.297.276.262.291.241.284.312.277.276.265.323.280.257.257.303.320.255.291.292.290.270.267.345.264.291.312.295.269.297.280.290.224.308.313.240.308.311.247.284.311.268.289.266.316.299.269.299.298.265.298.262.260.337.320.285.265.273.307.297.282.287.225.302.277.288.284.310.278.255.263.276.283.322.273.300.264.302.312.289.262.236.278.280.286.292.298.296.313.258.300.280.300.260.274.329.288.272.316.256.259.279.297.296.283.273.286.320.287.313.272.301.311.260.302.261.304.280.264.328.259.259.347.245.291.258.289.270.300.301.318.251.305.278.290.311.280.281.293.313.259.300.262.315.263.319.285.282.297.283.290.293.280.237.234.323.289.305.279.314.274.291.309.273.294.249.283.262.271.286.310.305.306.261.298.282.282.307.287.285.305.297.275.306.280.292.291.284.301.278.293.296.277.301.281.274.315.281.254.251.289.313.307.244.256.302.301.317.305.239.316.274.277.296.269.305.301.279.287.317.284.277.305.298.264.304.286.273.275.293.309.286.282.240.287.239.268.269.267.315.311.292.270.271.272.336.282.237.275.316.306.239.305.314.240.296.306.270.247.245.302.317.316.241.291.310.266.274.274.313.288.262.319.280.276.238.297.295.287.285.288.301.272.275.247.305.292.286.272.310.291.301.322.256.315.298.263.281.276.237.294.284.296.284.302.273.298.287.298.301.265.305.270.315.278.283.302.287.263.270.345.258.270.266.302.309.262.260.277.327.263.277.254.283.276.239.272.264.276.279.264.267.298.264.244.245.273.292.289.273.248.259.263.288.290.294.210.288.268.311.318.312.242.285.293.216.262.276.340.292.299.275.259.293.311.234.266.294.278.307.286.267.307.285.269.310.288.274.270.326.273.276.311.304.267.302.318.265.299.263.283.248.257.314.288.321.321.236.284.283.227.320.312.246.261.289.316.288.263.312.241.265.288.298.286.287.274.306.279.276.289.307.303.293.281.298.317.252.312.283.278.263.304.305.258.266.270.294.286.293.290.291.291.258.254.282.282.283.313.268.282.316.310.299.254.264.234.296.270.265.326.288.292.293.321.305.250.320.299.253.270.296.297.298.266.312.234.273.287.309.286.278.269.279.316.284.276.234.293.255.267.242.253.318.270.246.278.292.285.282.314.266.292.286.263.313.249.290.255.289.264.292.301.299.278.291.292.225.250.261.283.303.262.264.264.303.299.297.274.288.267.293.316.320.317.233.303.258.302.271.283.323.247.279.268.312.269.297.313.280.280.273.266.332.276.313.284.281.316.279.290.273.313.308.305.260.302.306.273.234.279.281.284.298.278.259.290.314.275.264.339.293.322.266.261.296.306.277.275.311.284.270.318.259.249.286.292.301.285.280.303.283.287.299.277.273.293.228.311.283.272.304.292.277.271.306.302.278.298.300.287.281.309.243.272.279.282.300.291.295.284.285.252.291.251.285.283.245.250.252.318.298.277.235.288.259.263.278.274.307.261.260.350.250.288.256.282.316.261.285.295.292.300.298.264.245.241.308.301.261.253.289.264.267.300.262.248.287.257.266.275.287.297.320.287.264.279.297.232.231.256.288.243.252.277.274.245.256.253.229.290.263.305.278.260.294.312.283.301.275.276.299.297.312.275.282.294.272.228.302.324.257.261.286.326.280.283.316.294.254.258.275.264.236.240.277.255.231.258.286.242.277.253.296.290.250.314.320.239.292.313.261.294.261.317.273.285.236.292.282.271.264.297.300.272.308.299.300.269.301.269.317.284.286.262.315.276.279.328.269.254.252.232.272.268.309.273.264.296.305.272.267.291.324.302.297.268.268.263.298.300.261.312.241.254.299.280.263.292.260.301.311.317.297.248.314.272.293.298.281.298.276.311.291.297.318.261.274.300.293.297.267.295.261.275.334.289.238.267.289.283.257.300.262.304.311.278.274.265.261.345.301.296.270.273.299.289.274.272.313.282.268.320.287.320.270";
$numbers = explode(".", $code); //makes an array from numbers
array_shift($numbers); //removes the first empty element (because of the first .)

$length= count($numbers);
$new_numbers = Array();
for ($i=0;$i<$length;$i += 3) //takes 3 by 3 elements and adds them
{
	$new_numbers[] = $numbers[$i]+$numbers[$i+1]+$numbers[$i+2];
}

$count = array_count_values($new_numbers); //makes an array with values as keys, and their frequency as values
$key = array_search(max($count), $count) - ord(" "); //find the most often element value (should be space) and substracts the space value; it should be the key
echo "Key value:<br />rn";
echo "$key<br />rn<br />rn";


function normalize($number, $key) //substracts the key value from the number
{
	return $number - $key;
}
$char_keys = array_map("normalize", $new_numbers, array_fill(0, count($new_numbers), $key)); //substracts the key value from the numbers, giving character numbers

function char_convert($char) //converts number to character
{
	return chr($char);
}
$count = array_map("char_convert", $char_keys); //converts all numbers to characters
echo "Decrypted message:<br />rn";
echo implode("", $count);

?>

Or you can see it in codepad, together with the output (decrypted message):
http://codepad.org/0sW3WUR3

Chezus

Netherlands427 Posts

September 17 2013 13:08 GMT

On September 17 2013 18:14 quirinus wrote:
Then I came upon a challenge (realistic 6) that requires you to decrypt a message that was encrypted using the XECryption algorithm. (don't continue reading this if you ever want to solve it without spoilers)

Funny, I was just thinking I should continue doing missions on Hack This Site

. I stopped at realistic 4 a while back. I really want to read further, but I don't want to be spoiled at all :p. Anyway, Hack This Site is awesome

a lot of fun and very educational.

quirinus

Croatia2489 Posts

September 17 2013 14:11 GMT

On September 17 2013 22:08 Chezus wrote:

Show nested quote +

Funny, I was just thinking I should continue doing missions on Hack This Site

. I stopped at realistic 4 a while back. I really want to read further, but I don't want to be spoiled at all :p. Anyway, Hack This Site is awesome

a lot of fun and very educational.

Haha, go for it! Realistic 6 is probably the easiest realistic (at least to me), since it's a lot more logical/programming than the others. Some of the other challenges don't even make sense and are more like notpron than realistic hacking (unless you go sick brute force).

TylerThaCreator

United States906 Posts

September 17 2013 15:40 GMT

Cool stuff man!

Please or register to reply.

XECryption algorithm decryption code

Completed

Ongoing

Upcoming