where this type of reverse engineering has been performed in order to achieve
interoperability between the data formats of popular commercial products.
Consider Microsoft Word for example. This program has an undocumented
file format (the famous .doc format), so in order for third-party programs to
be able to open or create .doc files (and there are actually quite a few
programs that do that) someone had to reverse engineer the Microsoft Word file
format. This is exactly the type of reverse engineering demonstrated in this
chapter.
Cryptex
Cryptex is a little program I’ve written as a data reverse-engineering exercise.
It is basically a command-line data encryption tool that can encrypt files using
a password. In this chapter, you will be analyzing the Cryptex file format up to
the point where you could theoretically write a program that reads or writes
into such files. I will also take this opportunity to demonstrate how you can
use reversing techniques to evaluate the level of security offered by these types
of programs.
Cryptex manages archive files (with the extension .crx) that can contain
multiple encrypted files, just like other file archiving formats such as Zip, and
so on. Cryptex supports adding an unlimited number of files into a single
archive. The size of each individual file and of the archive itself is unlimited.
Cryptex encrypts files using the 3DES encryption algorithm. 3DES is an
enhanced version of the original (and extremely popular) DES algorithm,
designed by IBM in 1976. The basic DES (Data Encryption Standard) algorithm
uses a 56-bit key to encrypt data. Because modern computers can relatively
easily find a 56-bit key using brute-force methods, the keys must be made
longer. The 3DES algorithm simply uses three different 56-bit keys and
encrypts the plaintext three times using the original DES algorithm, each time
with a different key.
3DES (or triple-DES) effectively uses a 168-bit key (56 times 3). In Cryptex,
this key is produced from a textual password supplied while running the
program. The actual level of security obtained by using the program depends
heavily on the passwords used. On one hand, if you encrypt files using a
trivial password such as “12345” or your own name, you will gain very little
security because it would be trivial to implement a dictionary-based brute-force
attack and easily recover the decryption key. If, on the other hand, you use
long and unpredictable passwords such as “j8&1`#:#mAkQ)d*” and keep
those passwords safe, Cryptex would actually provide a fairly high level of
security.
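The dependence of the 168-bit key on the password behind it can be put in numbers. The following is an added example, not code from Cryptex or from this book; the four character classes, the small constructed wordlist, and the assumption that a password outside the wordlist is drawn uniformly at random are this example's own.

```python
import math
import string

KEY_BITS_3DES = 168   # 3 x 56-bit DES keys, as stated in the text
KEY_BITS_DES = 56

# Character classes used for the estimate (an assumption of this example).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Combined size of the character classes the password draws from."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside all classes (spaces, non-ASCII) count individually.
    size += len({ch for ch in password if not any(ch in c for c in CLASSES)})
    return size

def password_bits(password, wordlist=()):
    """Upper bound, in bits, on the work needed to guess the password.

    A password found in the wordlist costs at most len(wordlist) guesses;
    otherwise assume every character was drawn at random from its alphabet.
    """
    if password in wordlist:
        return math.log2(len(wordlist))
    return len(password) * math.log2(alphabet_size(password))

def effective_key_bits(password, wordlist=()):
    """The cipher key can never be stronger than the password behind it."""
    return min(KEY_BITS_3DES, password_bits(password, wordlist))

def min_length_for(bits, alphabet):
    """Random-password length needed to reach `bits` with this alphabet size."""
    return math.ceil(bits / math.log2(alphabet))

if __name__ == "__main__":
    # Constructed sample wordlist; real lists hold millions of entries.
    wordlist = ("password", "12345", "qwerty", "letmein")
    for pw in ("12345", "j8&1`#:#mAkQ)d*"):
        print(f"{pw!r}: ~{effective_key_bits(pw, wordlist):.1f} bits "
              f"of {KEY_BITS_3DES}")
    print("random printable characters needed for 168 bits:",
          min_length_for(KEY_BITS_3DES, 94))
```

Under these assumptions the long sample password from the text comes to about 98 bits, so even it stays below the 168 bits of the cipher key, while "12345" is bounded by the size of whatever wordlist contains it.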