The Generic Encryption Program (GEP)

Morte on 12/1/2009 at 08:59

Quote Posted by RavynousHunter

@Morte: Actually, I do use AES in my program, the .Net 3.5 framework has several very good tools to help me implement it. I added some obfuscation in there to add a little extra security.

This is more of a hobby project kind of thing, just something to toy around with, experiment with, and learn the ins and outs of cryptography and obfuscation. Some people learn best with books, some by lectures; I learn best by doing. Sure, I read into a given field somewhat, look up FAQs, papers, and other projects if I'm looking for help or guidance, but I like to do my own thing in lieu of just plunking down with the Big Book of {insert subject here} and work within the confines of the information given there.

Well, carry on then! I'm all in favor of learning by doing, but the encryption in the availible source made it seem like you were just flailing about without bothering to read up on the subject in the slightest first, which is just a waste time.

RavynousHunter on 12/1/2009 at 16:38

Actually, the way it works now is that it uses the FileMode.CreateOrAppend attribute when writing files, so it appends to an existing file, or creates a new one if one of the given name doesn't exist.

As for the filename, that's something of an anomaly, I haven't seen it yet in my run-thrus. Basically, what it does is that it searches backwards through the full path of a given file (ie: "C:\Downloads\Slickback.jpg.RH2") and looks for the first backslash. It then stores the filename in a string which then goes through another loop to remove the .RH2 extension, storing the result in another string.

Also, it doesn't "forget" the destination between encrypting and decrypting, they're two different controls, and I don't pass the Text property of one to the other as one changes.

Al_B on 12/1/2009 at 23:52

If you're having fun working on it and learning from it - that's great. When I look at some of my first programs I cringe, but they were essential in sometimes learning what not to do!

As far as your utility is concerned, at least you've got a framework to experiment with as you learn more.

Not that it's particularly important at this stage but at least keep in the back of your mind that .net applications are very easy to reverse engineer to get at the code unless you apply some form of obfuscation - and even then they're easier to analyse than native code applications. Going an extra step - you should NEVER rely on obfuscation as protection. It's probably best to assume that your source code (and any keys you have within it) is completely readible and in the open.

For example, get .net reflector (free) from (http://www.red-gate.com/products/reflector/) http://www.red-gate.com/products/reflector/ and you're only a few clicks away from your AES_Dec() function including your key and initialisation vector.

At the risk of sounding patronising, you may be interested in a quick way to extract the filename you need from the text in the listbox. Instead of searching and copying bits of the text to extract the filename you could replace quite a bit of code in cmdDecrypt_Click() with something like:

Code:

string OutputFileName = System.IO.Path.GetFileNameWithoutExtension(lstDecFiles.Items.ToString());

Anyway - good luck and enjoy your project.

RavynousHunter on 13/1/2009 at 22:11
Crap, must've missed that one! (the FilenameWithoutExtension thing, that is)

Also, I knew it'd be fairly easy to reverse-engineer, considering .Net compiles into bytecode instead of machine code.

RavynousHunter on 31/1/2009 at 02:00
As per one of Kolya's suggestions, I've added zipping functionality into v1.5 of the GEP. As always, you can find release notes (http://guildwars.wikia.com/wiki/User:RavynousHunter/GEP#1.5) here, and download (http://www.geocities.com/ravynousdezign/GEP_1.5.zip) here.

Thanks to Ionic for his most excellent DLL, which is far easier to understand and use than Microsoft's convoluted System.IO.Packaging namespace... Go figure.

Happy encrypting from all of me here at Ravynous Dezign! :thumb:

RavynousHunter on 26/3/2009 at 21:07
Damn, its been a while since I posted an update to the GEP. I've just had a lot to do, trying to get a job, working on other projects, and other such things. However, I have managed to fandangle a new release, v1.5 Revision 1.

(http://www.geocities.com/RavynousDezign/GEP_1.5_R1.zip) Download here

(http://guildwars.wikia.com/wiki/User:RavynousHunter/GEP#1.5_R1) Release Notes

General Four on 27/3/2009 at 19:13
Quote:
some horrid SS2/Thief amalgamation

Has anyone else noticed the Deus Ex Connection here?
The Rocket Launcher from Deus Ex was called the GEP Gun.

Reminds me..... DOCTORED GUNTHER HERMAN QUOTE!

"Encryption Programs are for combat"

:joke:

Marecki on 29/3/2009 at 22:26
given free tools such as e.g. GnuPG exist which provide the same end result with a much wider range of features (e.g. different ciphers to choose from, public-key encryption/decryption, sometimes steganography, ...) and less overhead (.Net? Are you kidding me? Then again I guess we should be grateful it's not Java) - but then I saw that post showing your "cipher". XOR with a fixed, 8-bit key? You should seriously read up on the subject if not before beginning to work on a crypto application, then at least before releasing it to the public and making yourself subject of ridicule. By the way, PLEASE do everyone a favour and write on your project page what encryption method you use - on one hand as dvrabel aptly demonstrated security through obscurity doesn't work (and even without looking at the source, cracking this sort of code takes mere seconds on modern hardware), on the other it may prevent hapless users from thinking your tool provides any real confidentiality.

PS. Ulukai: While learning through trial and error is certainly important, fields such as security are too sensitive to allow for silly mistakes - especially given books are available on- and off-line discussing best and worst practices of cryptography.

Kolya on 29/3/2009 at 22:45
Quote Posted by Marecki
You should seriously read up on the subject

You should seriously read the thread.
RavynousHunter has made it sufficiently clear that his interest is learning by doing, not to create a secure encryption program.

Marecki on 30/3/2009 at 04:04
Quote Posted by Kolya
You should seriously read the thread.
RavynousHunter has made it sufficiently clear that his interest is learning by doing, not to create a secure encryption program.

Allow me to answer in the form of an ordered list consisting of three points:

1. Whereas you should, for change, read his GEP's project page... I've just checked again, just to make sure, and there is no mention on it that this is a watch-me-learning program (whether such programs should be made public at all is a whole different story, which I'm going give a pass here). Moreover, there is of course that already-mentioned, small detail that the page in question doesn't mention AT ALL what encryption algorithms are used... Then again, maybe I'm just spoiled by working in software projects which have very strongly emphasised proper documenting :rolleyes: ;

2. Even if he is just learning it is my belief he should try to do it by the book rather than employing the gung-ho approach. That way he is less likely to learn bad practices;

3. (RavynousHunter, you can stop reading now) Pull that stick out of your rectum, Kolya.