GAO Encryption

[saxman]

I have designed an encryption/compression format I call GAO:

http://dgrove.blogspot.com/2006/10/gao-encryption.html

Now basically what my post says is the format doesn't compare to other popular compression formats like ZIP and RAR, but I wonder how well it works as a basic encryption format. So I wanna give anyone who knows how to use a hex editor a challenge... see if you can crack the format. I mention on my blog that if you can crack it and tell me how the format works before anyone else, you will get to test drive a ProSonic demo. It has to be done by Oct 27 though.

I'm hoping nobody can crack it, but that doesn't mean don't try -- I want anyone willing to give this a try to try their very best. Any below are two files:

ORIGINAL FILE

ENCRYPTED FILE

So is anyone willing to try and see if they can crack it? I'll tell you this -- the header is the first 8 bytes, but you don't have to try and figure out how the header works, just the encryption. Also, I didn't cheat by adding multiple layers of encryption -- it's a single layer so that it's only as vulnerable as the basic format will allow it to be.

BTW: I didn't really know where to put this, but I put it here since:

1 -- offering a ProSonic demo

2 -- I will probably use this for ProSonic's PZF files.

[Asuma]

Times like this I wish I knew Reverse-Engineering....

[Xoram]

Neat, cba though.

[Smidge204]

I mention on my blog that if you can crack it and tell me how the format works before anyone else, you will get to test drive a ProSonic demo. It has to be done by Oct 27 though.

Am I the only one who thinks this statement comes off as increadibly pretentious?

=Smidge=

[Xoram]

You're not.

[saxman]

You know, I'm sick of being criticized for what I say and how I say it. I have gotten it constantly on these forums. If that's all you can post, just shut up. Don't want to be rude, but I'm sick of trying to be really nice all the time when I get that kind of crap.

I thought since most people wouldn't want to try and crack my encryption which is really what I'm looking for, maybe I could 'offer' them something. But you have to try and step all over that idea too because I guess what I'm trying to offer isn't good enough for your taste. Well different people have different tastes. But the main message is -- either try to decrypt the thing or shut up.

[Dobermann]

Well.. Saxman, critics are always here! Just choose what you really want to read

Good luck!

[LarkSS]

Well.. Saxman, critics are always here!

I don't think he's talking about criticism, but more on people who seem to be commenting on the way he says or does things rather than keeping it to themselves and sticking to the topic.

[Smidge204]

SOMEONE seems a little sensitive today. The pretentious part I was referring to was "it must be done by Oct 27" - six days - as if it were some hardcore competition.

But if you feel that I'm somehow picking on you, then I might as well pick at the right thing.

Out output file is a whopping 909 bytes smaller than the input. (88.8% the original size). Not much of a compression ratio for a file that is mostly &H00.

Of course, the input file may be corrupted - unless it's supposed to contain what appears to be output from the encryption program.:

GAO Encryption Utility    (Oct 19, 2006)
by Damian Grove
========================================

r+b fin.bin Running GAO algorithm...   done!
Writing output file...   w+b fout.bin done!

ORIGINAL FILE
+ORIGINAL FILE+
Bits:   %i
Bytes:  %i

ENCRYPTED FILE
+ENCRYPTED FILE+
Encryption type:  %i-bit
File size ratio:  %f%%

Why this appears in the input file only you can say, but that certaintly doesn't look right to me... especially since it appears roughly in the middle of the file. If the input file is corrupt then the task is impossible anyway.

Not that it matters, because once the fial product is released there will be tons of more info to work with, more data sets and even access to the decoding/decompressing code, and possibly the encoding code as well. Therefore this doesn't reflect a real-world situation where the code might be cracked and is simply mental masturbation.

=Smidge=

[saxman]

You're right I am sensitive because apparently the words I choose always make headlines and covers up what I'm trying to discuss, because people like yourself make it that way. It must be a trend at these forums, because I never have that problem elsewhere. Perhaps I should go elsewhere.

Just because you have a program doesn't mean you can simply use it to figure out an encryption. Even with dozens of encrypted and decrypted sets of files to compare, it's not necessarily easy. Since I'll never release the source to this, nobody will ever see the actual code. Otherwise the files created with it wouldn't be very safe.

Both the input and output files are correct. What you found is no mistake. And 88.8% compression is also correct -- I already said it didn't compare to ZIP and RAR and other formats. But as a data encryption format, it might be valueable... unless it's extremely easy to crack (which is what I want to find out), in that case I'll consider going back to the drawing board.

[Smidge204]

Just because you have a program doesn't mean you can simply use it to figure out an encryption. Even with dozens of encrypted and decrypted sets of files to compare, it's not necessarily easy. Since I'll never release the source to this, nobody will ever see the actual code. Otherwise the files created with it wouldn't be very safe.

Don't write DRM software.

Having multiple sets of data usually does increase chance of decryption. It allows for the emergence of patterns. This is why schemes such as One-Time-Pad are amazingly effective for their simpliciy - patterns are quickly covered up from the random input. This is also why Enigma was so hard to crack, although eventually patterns emerged that allowed the British to construct a duplicate of the machine.

You also don't need the source to "see the actual code" - compiled programs can be reverse-engineered fairly easily, so unless you're using some deep magic in that cypher it's almost guaranteed to be cracked by inline disassembly of the program.

Both the input and output files are correct. What you found is no mistake. And 88.8% compression is also correct -- I already said it didn't compare to ZIP and RAR and other formats. But as a data encryption format, it might be valueable... unless it's extremely easy to crack (which is what I want to find out), in that case I'll consider going back to the drawing board.

If you say they're correct, then they are correct. You did say it wouldn't be fair to compare compression to ZIP or RAR, but to be honest that level of compression doesn't really compare to stuff you'd find in a freshman programming textbook. GZip, Huffman and LZW schemes are all free and readily available, lossless and highly optomized. Same goes for cyphers too, actually.

=Smidge=

[saxman]

You're telling me what to do and what not to do, but you haven't even attempted to crack the format yet. I have cracked formats and encryption before, I know what's involved. I'm not a genius at it by any means, but I understand it. You can't reverse engineer my code and figure out "this is what it does". It would take a long time with a typical program (Sonic compressions that were only cracked by figuring out the code in the games took many years), so it's not easy. But I'm smart enough to break apart the algorithm into segments to make it more scrambled and harder to piece together the assembly.

Now again, can you crack it or not? If you can, bravo. If not, why aren't you trying? This isn't about "how to properly design encryption", this is "try to crack it". So stop this foolish arrogance of yours. I'm tired of getting off-point replies from those who can do nothing but pick at dumb crap I didn't ask about (the words I use and how I say things is mainly what I'm pointing out, which become the discussion quite often at these forums), and I know others are tired of reading it too. I told you what I want out of this topic, so you either deal what the topic asks of you or stop blabbering to me about how I'm wrong and how you're incredibly smart (especially since you haven't even cracked the format yet).

[MidimanNull]

How I see it:

Saxman: Hey, think you can crack this encryption format? if you do it by October 27, you get somethinng nice.

Smidge: Hmm, by the 27? isnt that a little early?

Saxman: No its not, If you were trying, you wouldnt complain

Smidge: ..Excuse me?

Now, I dont want to be an ass, but what the hell Saxman? I mean, who here really CAN decrypt anything ( no offense to anyone who CAN, however ), heck, I can barely pass a sudoko puzzle, and your asking me to crack encryption?

Thats like going up to a person and saying: " Hey, go ahead and solve this puzzle, ill only give you 1 clue, out of 1000, and if you finish in time, you get a treat which everyone SHOULD be able to enjoy, but only you will "

As such, I dont think ill be warranting much information into ProSonic if its all bribery for information, I mean, if your so MAD that were not investing knowledge in encryption and decryption, why bother insulting us? I also see your mad at Smidge, who picked at the time limit I dont know if you know this, and Im probably qouting the wrong information here, but on an average, doesnt it take at LEAST a week to figure encryption out?

and all of us, and I mean ALL of us dont have a WEEK to do this, since we have school projects, girlfriends ( boyfriends for the 3 females on this board, who probably have Boyfriends, duh ), lives, and other things. we just cant invest time to figure out encryption, and on a Sunday? HAHA.

If I knew jack ____ about this, I might be interested, but.. I dont, so im not.

If YOU find this offensive in anyway, and you are NOT Saxman, you can just as well shut the f*ck up, because no-one needs to hear a counter-opinion of an opinion on a very unneccesary argument

[Smidge204]

Now now, that's not exactly true either Midiman. Although it's pretty close.

As to why I'm not trying to break the cypher: The effort it would take at this point outweighs (by a very, very large margain) any benefit I would recieve from doing so. I can get more rewarding things done with my time.

I considered that maybe saxman is also the kind of person who likes to make his time profitable, so I'm suggesting he not invest so much time and effort into creating a compression/cypher system that is destine to failure: either it never becomes popular enough for anyone to give a crap and try to crack it (the whole project flops), or someone will crack it (project is successful, by cypher fails).

So I suggest that there are already plenty of existing systems out there, which you can literally #include into your project and be done with it, that offer just as good if not better performance and security.

But maybe I was wrong, and the cocksize++; he'll get from making his own cypher outweighs the cost of time and effort put into it. I'll admit that I put a lot of time into fruitless projects just because they are fun. Maybe, for saxman, this is one of them.

This is the kind of thing I'd put minimal effort into, though, so I suggested alternatives.

=Smidge=

[Epon]

I think what this all comes down to is the lack of interest on this forum about this topic. A good 95% of the people here use a scripting program to make videogames, the odds are most of them don't know the first thing about data structures and algorithm studies even on a basic scale.

Other forums would probably yield better results on your quest to see if someone can figure it out, atleast in the efficient time period.

I'm not gonna even address the disagreement between you and Smidge. That's for you two to talk about.

[saxman]

Here's a list of what I've seen at the forums from some people:

- Complaining occured when I said "Sonic engine to end all Sonic engines". That was just a big "click me" whoring topic title... big deal right? Yeah apparently that was the case and there was plenty of discussion over that.

- Complaining also occured when I did that little spoof version of the SatAM game I talked a little about. I can understand how I probably should have put up a better disclaimer, but people again blew it out of proportion. I was scolded over an innocent and understandable mistake.

- I give people a week to do this in hope maybe there would be a few individuals willing to try the encryption. Now the offensive part isn't the lack of interest that is evident, it's that somehow me stating a week gets more attention than anything else. I would rather have 0 replies than to have someone point that out. So I reacted... then has the nerve to continue talking about something I don't care anything about.

- A few other examples... that should be enough to give you an idea though.

So anyone want to know why I got so jumpy? It's because of the crap I've seen around here before. And heck, newbie bashing on occasions has been a big turnoff for me too.

I am not going to call this a terrible place -- I've been to some of them, but I really just don't like some of the 'elitist' attitudes around here that I have seen before and saw again this time. It might look small to someone like Midiman, but I for one am tired of it because I've seen a little too much of it over the time I've been here. And why a person can't make a topic where someone won't reply UNLESS a certain person wants to criticize me for something that isn't even the focus of the topic, beats me.

I'm suggesting he not invest so much time and effort into creating a compression/cypher system that is destine to failure: either it never becomes popular enough for anyone to give a crap and try to crack it (the whole project flops), or someone will crack it (project is successful, by cypher fails).

You haven't tried it, how can you make a claim? See this is what I'm saying right here -- I can't get a reply out of you that isn't criticism. It's ALWAYS criticism. If you don't reply, that'd be a whole lot better. I'm very largely open to criticism as I have demonstrated many times on these forums, but you're going too far with it when all you ever bother to say in a topic like this is criticism. That's why your first post got me fired up -- didn't have any interest in saying anything else that I was interested in hearing, but you had to point out that somehow I was trying to hype stuff. I can handle this criticism a couple times, but I've gotten this too many times at SFGHQ to deal with it lightly.

It's time for me to go somewhere more grown-up (like the other forums I already visit), so goodbye SFGHQ.

[MidimanNull]

Peace out, dawg

Oh seriously, come back when you can take ALOT of critisim, and answer every question and situation we can think of and throw atcha.

[Rael0505]

YOU KIDS BEHAVE OR I'LL PUT YOU IN TIME OUT

d

[SupaChao]

To be honest, thats a pretty sad reason to leave. Then again, I have seen worse. Hope your more "grown-up" places can provide you with logical critism on matters.

Don't forget "grown-ups" are pretty harsh sometimes too. Reality might just bite you in the ass.

Enjoy your life elsewhere.

[Aaron C-T]

Erm.. what the hell just happened. All this? Over a contest? The feck? Damn. Even when I flip out and make 3 page rants, it doesn't end up being as hostile as this, and people don't end up leaving. Err.. I don't feel like reading through everything, so I'll take a different approach.

Midi: I had my hair cut like that during 10th grade. It was pimp until I got tired of looking like an idiot, at which point I grew my hair back out.

::Lock::