How not to encrypt your files by Rani Hod

[Music] [Applause] [Music] [Applause] okay so uh thank you all for choosing the spend sorry sorry thank you all for choosing to spend the next 10 minutes with me my name is ronnie my day job is not in cyber i'm a faculty member here uh but today i'd like to share with you some of the fun that i had a few years ago with a homemade cipher so my talk is going to be on the lighter side we've seen we've heard the guys from cyber reason dealing with a very sophisticated attacker and shira also described a very sophisticated attack by nso i'm going to deal with a less sophisticated defender and and we're going to talk about

going to talk about uh streaming apps so who here uh uses this music streaming app to to hear which one okay so yes spotify and uh there are a few more so they here are the six most popular streaming apps in israel but how many of these were available here uh say 10 years ago that's right none wait a minute what do you mean not available here we all know how to bypass geographical limits that's we have vpns and whatnot but again you and i are not the average joe or jane so officially there was no options okay so time for a quick history lesson about the history of streaming so uh wait no sorry karen this is way

too early we said 10 years ago not 50 years ago and what was all this fm we said streaming apps so the first music streaming apps in israel were launched by mobile carriers so uh these companies they often try to provide added value for their stockholders or for their customers and it made little sense to continue offering uh ringtones for uh for for sale once people discovered the internet so first was telephone later came celcom and partner and they all had basically the same business model now you pay 10 to 20 shekels a month for unlimited access now the main selling point of these services was that streamed music did not was not counted towards your data plan which was

uh used to be very tiny back then i2 had a subscription to one of this service um don't worry i got it for free but then came big data plans and big global players from two slides ago and we all know how this ended so on a side note i hear israel is quite big with technology would you consider israel a music streaming state actor what do you say yes so actually that's a real thing but really we all know the mantra there ain't no such thing as a free lunch well we all had a free lunch right so the exception to this is when vcs are involved or in syria's case the government so in this case there were only two

catches one is that this was all songs were in hebrew and the second catch uh it's dead jim anyway we digress back to our streaming app so offline music that means it's not just pure streaming why can't we just download the the entire catalog oh dr m let me point out that bypassing drm per se is legal in israel or at least that's what my non-lawyer friend told me oh was that my non-friend lawyer never mind let's just have a quick look at what we have so here's an sqlite database with metadata about the songs and here's a bunch of high entropy files each approximately four megabytes in size and bearing the em3 file extension

what could that be naturally these files were not on the user accessible part of the sd card but what's user accessible so we have the apk should we just pull out the binary and reverse engineer the algorithm let's ask for an expert opinion actually why even bother with assembly code when we have the java decompiler right so we should pull out wait what have i absent-mindedly signed away my basic human right to reverse engineer oh well i'll guess we have to go out go get it without the source so high entropy cipher text is no surprise but this is the entropy of the supposed plain text so we don't have a lot to work with

anyway let's just have a look at the data at the first glass this doesn't look too promising but after comparing with a few more ciphertexts this is quite revealing and here's a plausible explanation it seems all files start with the common id3 tag moreover everything is encrypted with the very same key and this makes a really good point maybe i should start a campaign reduce your entropy footprint let your drm vendor know that you care but really let's just say that we somehow managed to acquire one matching plain text to a cipher text assuming that key is really used over again it means we can just extract the key and use it to decrypt all other files

we just need to figure out what exactly plus means in this context whether it's xor or byte edition or word edition or whatnot and this doesn't work uh these were a frighten a frustrating couple of hours so let's take a step back and take a second look at what we have based on the id3 tag header we have nine known bytes five of which are supposedly zeros and indeed if you look at the cipher around these bytes it seems a bit weird and also there's something wrong with the byte alignment since we don't expect the 10th the length field the one in purple to be all zeros you could uh have uh more interesting phenomena here if you look at the most

significant bit of each byte then it starts as zero for something like two lines and then switches to one so i'm sure i've seen this kind of behaviors somewhere before so pardon my french but uh who are you this necklace gentleman is blaze the visionaire inventor of the autokey cipher a funny story visioner his name is mostly associated with an earlier much weaker cipher invented by someone else so what is this auto key cipher autokey means we're using the previous psychic test characters as part of the encryption process so kind of like cbc mode but there's no block cipher involved i suspect this is because ciphertext because block ciphers did not exist in the 16th century

instead the round operation is simply addition or xor of the key with uh the block so in order to decrypt a plaintext block we just need two consecutive cipher blocks and the key block and obviously for the first one you have a special case you need something else our streaming app uses 16 bit blocks so that is exactly two bytes not too sophisticated and as you can see this is trivial to implement and the whole secret is basically four bytes two for the key and two for the iv all of which happen to be uh decimal digits so two one one eight i don't know if this has any meaning but maybe right so we have our code and we can run

decrypt our encrypted music file and uh play it uh do you have an appetite for destruction

yes so ladies and gentlemen thank you all for coming i'll be around if you want to chat thanks [Music] [Applause] you