
I want to find the internal state of RC4 by brute-forcing the array values of RC4, but I'm not sure how to brute-force it.

#include <stdio.h>
#include <string.h>

typedef unsigned long ULONG; /* length type used by main(); matches the Len parameters below */

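/*
 * RC4 key-scheduling algorithm (KSA): fill s[0..255] with the identity
 * permutation, then scramble it under the key.
 *
 * s    - 256-byte state array, overwritten on return
 * key  - key bytes; Len bytes are read, cycling when Len < 256
 * Len  - key length in bytes; 0 is rejected and leaves s untouched
 *
 * NOTE: RC4 is a broken cipher (biased keystream, weak key schedule);
 * this listing is for study of the algorithm, not for protecting data.
 */
void rc4_init(unsigned char *s, unsigned char *key, unsigned long Len)
{
    /* Expanded key. Must be unsigned: with a plain (signed) char, key
     * bytes >= 0x80 become negative, j can go negative, and s[j] is an
     * out-of-bounds access. */
    unsigned char k[256];
    unsigned int j = 0;

    if (s == NULL || key == NULL || Len == 0) {
        return; /* i % 0 below would be undefined behaviour */
    }

    for (unsigned int i = 0; i < 256; i++) {
        s[i] = (unsigned char)i;
        k[i] = key[i % Len];
    }
    for (unsigned int i = 0; i < 256; i++) {
        j = (j + s[i] + k[i]) % 256;
        unsigned char tmp = s[i];
        s[i] = s[j];
        s[j] = tmp;
    }
}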

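/*
 * RC4 pseudo-random generation (PRGA): XOR Len bytes of Data in place with
 * the keystream derived from state s. Running it twice with a freshly
 * initialised state restores the original bytes. Each output byte is also
 * printed (debug aid kept from the original listing).
 *
 * s    - state from rc4_init(); advanced in place, so re-init before decrypting
 * Data - buffer to encrypt or decrypt in place
 * Len  - number of bytes to process
 */
void rc4_crypt(unsigned char *s, unsigned char *Data, unsigned long Len)
{
    unsigned int i = 0, j = 0;

    if (s == NULL || Data == NULL) {
        return;
    }
    for (unsigned long k = 0; k < Len; k++) {
        i = (i + 1) % 256;
        j = (j + s[i]) % 256;
        unsigned char tmp = s[i];
        s[i] = s[j];
        s[j] = tmp;
        unsigned int t = (s[i] + s[j]) % 256;
        Data[k] ^= s[t];
        /* Print the byte after the XOR. The original did `Data[k] ^= s[t]`
         * a second time inside printf, which undid the encryption. */
        printf("%d\n ", Data[k]);
    }
}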

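/* Demo: encrypt a short string under a fixed key, print the ciphertext
 * as hex, then re-initialise the state and decrypt back. */
int main(void)
{
    unsigned char s[256] = { 0 }; /* S-box (RC4 state) */
    char key[256] = "12345678";
    char pData[512] = "testRC4";
    ULONG len = strlen(pData);
    printf("key : %s\n", key);
    printf("raw : %s\n", pData);

    rc4_init(s, (unsigned char *)key, strlen(key));
    rc4_crypt(s, (unsigned char *)pData, len);
    /* Ciphertext is binary: %s would stop at the first 0x00 byte and print
     * garbage for non-printable bytes, so dump it as hex instead. */
    printf("encrypt  : ");
    for (ULONG n = 0; n < len; n++) {
        printf("%02x", (unsigned char)pData[n]);
    }
    printf("\n");

    /* The PRGA advanced s; restart from the same key to get the same keystream. */
    rc4_init(s, (unsigned char *)key, strlen(key));
    rc4_crypt(s, (unsigned char *)pData, len);
    printf("decrypt  : %s\n", pData);
    getchar();
    return 0;
}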

At the line `printf("%d\n ", Data[k] ^= s[t]);` the values shown are these:

116 , 101 , 115 , 116 , 82 , 67 , 52

I'm not sure whether I have to brute-force this value, or which line I have to edit to brute-force the internal state of RC4. Please help me.

  • `Data[k] ^= s[t]; printf("%d\n ", Data[k] ^= s[t]);` prints `Data[k]` and don't modify it. Is it what you want to do? – MikeCAT Oct 12 '15 at 13:41



116, 101, 115, 116, 82, 67, 52 is the ASCII for "testRC4", i.e. your unencrypted value.

Your printf() statement is actually changing your data back to the original due to...

Data[k] ^= s[t]

It is both an assignment and has an r-value. So you are first changing Data[k], then taking the new value and printing it. But just prior, you set the value with the same expression, and ((N ^ Y) ^ Y) == N, so the byte ends up back at its plaintext value.

Change your printf to...

printf("%d\n", Data[k]);