From msuinfo!uwm.edu!zaphod.mps.ohio-state.edu!cs.utexas.edu!sun-barr!olivea!uunet!mnemosyne.cs.du.edu!nyx!rwirthli Fri Apr 2 17:47:28 1993 Path: msuinfo!uwm.edu!zaphod.mps.ohio-state.edu!cs.utexas.edu!sun-barr!olivea!uunet!mnemosyne.cs.du.edu!nyx!rwirthli From: rwirthli@nyx.cs.du.edu (Ralph Wirthlin) Newsgroups: sci.crypt Subject: ARJ Encryption Summary: Method of attacking arj encrypted files Keywords: arj encrypt descrypt Message-ID: <1993Mar30.172806.12839@mnemosyne.cs.du.edu> Date: 30 Mar 93 17:28:06 GMT Sender: usenet@mnemosyne.cs.du.edu (netnews admin account) Organization: University of Denver, Dept. of Math & Comp. Sci. Lines: 239 I'm forwarding this sci.crypt for those who may be interested and don't know how the ARJ encryption works. Please don't flame me, I'm not a professional mathematician nor a cryptologist, just someone who was given the right incentive ($$$ :)) to figure out how it works and retrieve a critical file. I know there are those who already know how it works, so you may safely ignore this post > > Hi, my name is John. > Someone told me that you are able to find the password on a ARJ file. > Could you please tell me how? > > Cheers...John. > I'm forwarding a document on the internal structure of .ARJ after the discussion. ARJ encrypts a file by using a simple XOR on a permutation of the password with the text to be encrypted (in this case the compressed file). This permutation of the password is done by XORing each character of the password with some constant that seems to depend on the current clock count. This last point isn't too critical since ARJ stores the value of the count in the local file header of the encrypted file. So .... A = password B = compressed text to be encrypted A' = permuted password B' = encrypted compressed text C = constant ^ = XOR A' = A ^ C B' = B ^ A' So how do we decrypt? Well, let's solve A = A' ^ C A' = B' ^ B ==> A = C ^ B ^ B' We already know C and B', the problem is that we need B (the compressed plaintext) in order to find the password (which is probably why you asked the question in the first place, to get back the compressed plaintext). If you have an old copy of the plaintext or can make an *extremely* good guess of the initial contents of the plaintext, you can compress the plaintext without encryption (B) and then you *should* be able to generate the password as demonstrated above (or at least most of the characters in the password). Then it will take some good old-fashioned deductive-logic and eyeballing to get the length and the rest of the password. This last part is important if you don't have the original plaintext. Hope this helps, Ralph ARJ TECHNICAL INFORMATION January 1992 ** IMPORTANT NEWS **************************************************** There is an extended header bug in older versions of ARJ, AV.C and UNARJ.C. The extended header processing in read_header() should skip 4 bytes for the extended header CRC and not 2. This is NOT a current problem as no versions of ARJ use the extended header. ********************************************************************** Modification history: Date Description of modification: -------- ------------------------------------------------------------ 12/03/91 Added BACKUP flag to header arj flags. 11/21/91 Described the two types of headers separately. 11/11/91 Added information about the change in text mode processing. 06/28/91 Added several new HOST OS numbers. 05/19/91 Improved the description of extended header processing. 05/11/91 Simplified this document. Added volume label type. 03/11/91 Added directory file type. 02/23/91 Added more comments. 01/10/91 Corrected timestamp description and header order of file mode. 10/30/90 Corrected values of flags in ARJ flags. ARJ archives contains two types of header blocks: Archive main header - This is located at the head of the archive Local file header - This is located before each archived file Structure of main header (low order byte first): Bytes Description ----- ------------------------------------------------------------------- 2 header id (main and local file) = 0xEA60 or 60000U 2 basic header size (from 'first_hdr_size' thru 'comment' below) = first_hdr_size + strlen(filename) + 1 + strlen(comment) + 1 = 0 if end of archive 1 first_hdr_size (size up to and including 'extra data') 1 archiver version number 1 minimum archiver version to extract 1 host OS (0 = MSDOS, 1 = PRIMOS, 2 = UNIX, 3 = AMIGA, 4 = MAC-OS) (5 = OS/2, 6 = APPLE GS, 7 = ATARI ST, 8 = NEXT) (9 = VAX VMS) 1 arj flags (0x01 = NOT USED) (0x02 = RESERVED) (0x04 = VOLUME_FLAG) indicates presence of succeeding volume (0x08 = NOT USED) (0x10 = PATHSYM_FLAG) indicates archive name translated ("\" changed to "/") (0x20 = BACKUP_FLAG) indicates backup type archive 1 reserved 1 file type (2 = comment header) 1 reserved 4 date time when original archive was created 4 reserved 4 reserved 4 reserved 2 filespec position in filename 2 (currently not used) 2 (currently not used) ? (currently none) ? filename of archive when created (null-terminated string) ? archive comment (null-terminated string) 4 basic header CRC 2 1st extended header size (0 if none) ? 1st extended header (currently not used) 4 1st extended header's CRC (not present when 0 extended header size) Structure of local file header (low order byte first): Bytes Description ----- ------------------------------------------------------------------- 2 header id (main and local file) = 0xEA60 or 60000U 2 basic header size (from 'first_hdr_size' thru 'comment' below) = first_hdr_size + strlen(filename) + 1 + strlen(comment) + 1 = 0 if end of archive 1 first_hdr_size (size up to and including 'extra data') 1 archiver version number 1 minimum archiver version to extract 1 host OS (0 = MSDOS, 1 = PRIMOS, 2 = UNIX, 3 = AMIGA, 4 = MAC-OS) (5 = OS/2, 6 = APPLE GS, 7 = ATARI ST, 8 = NEXT) (9 = VAX VMS) 1 arj flags (0x01 = GARBLED_FLAG) indicates passworded file (0x02 = RESERVED) (0x04 = VOLUME_FLAG) indicates continued file to next volume (file is split) (0x08 = EXTFILE_FLAG) indicates file starting position field (for split files) (0x10 = PATHSYM_FLAG) indicates filename translated ("\" changed to "/") (0x20 = BACKUP_FLAG) indicates file marked as backup 1 method (0 = stored, 1 = compressed most ... 4 compressed fastest) 1 file type (0 = binary, 1 = 7-bit text) (3 = directory, 4 = volume label) 1 value used to xor against password 4 date time modified 4 compressed size 4 original size (this will be different for text mode compression) 4 original file's CRC 2 filespec position in filename 2 file access mode 2 host data (currently not used) ? extra data 4 bytes for extended file starting position when used (this is present when EXTFILE_FLAG is set) ? filename (null-terminated string) ? comment (null-terminated string) 4 basic header CRC 2 1st extended header size (0 if none) ? 1st extended header (currently not used) 4 1st extended header's CRC (not present when 0 extended header size) ... ? compressed file Time stamp format: 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 |<---- year-1980 --->|<- month ->|<--- day ---->| 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 |<--- hour --->|<---- minute --->|<- second/2 ->| Compression methods: ARJ methods 1 to 3 use Lempel-Ziv 77 sliding window with static Huffman encoding. ARJ method 4 uses Lempel-Ziv 77 sliding window with pointer/length unary encoding. There is one decoder for methods 1 to 3 and one decoder for method 4. Encryption technology: ARJ does NOT use DES encryption algorithms. It uses a combination of simple exclusive-or operations. Text mode processing: As of ARJ 2.30 and UNARJ 2.30, files archived with the -t1 option will not have the 8th bit stripped unless the file is extracted to a different platform than the original one. Therefore, it is now possible to use ARJ to compress 8-bit text files in text mode and extract them back in 8-bit mode. end of document