1

I need help of cryptanalyzing a "bad" RC4 implementation to recover an encrypted text of 13742 bytes.

I don't know the key and this implementation does not utilize the drop-n routine.

But, I know the key length (256). Also, I think it is a bad implementation because the KSA is as follows:

def ksa(key) :                                   # RC4_KSA_STANDARD
  S = range(256)[::-1]                           # S = range(256)

  j = 0
  for i in range(256) :
    j = (j + S[i] + key[i]) % 256                # j = (j + S[i] + key[i % len(key)]) % 256
    S[i], S[j] = S[j], S[i]

  return(S)
  1. The initialisation of S is inverted ([::-1])
  2. j is calculated without key[i % len(key)]

My hypothesis: recover the first round with the first 256 bytes of encrypted text (because KSA is maybe more "predictable" without key[i + len(key) % 256]).

My questions are:

  • Am I on the right track?
  • Otherwise, is there some better strategy?
  • What is the calculation to conduct the attack to obtain the plaintext message?

I have a little problem with the mathematical logic in some aspects (is my bad asperger side). If anyone would be kind enough to explain this to me?

Ella Rose
  • 19,603
  • 6
  • 53
  • 101
Mekhalleh
  • 39
  • 3

1 Answers1

1

This post answers my first questions: RC4 Keystream Reconstruction

Because I integrate others informations to this problem.

The RC4 algorithm has some well-known vulnerabilities but it is not completely moldy. So, if I understand correctly, finding the initial encryption key even with the clear text is difficult (Principaly in this case, no reset rc4, key lenght, ...).

On the other hand I understand that I work on a similar challenge.

I have to decrypt a file of the same type: INTEL Hex Format

So, Drop-N routine or not, if I know the plaintext I know the associated XOR key.

Mekhalleh
  • 39
  • 3