Thread replies: 56
Thread images: 16
Thread images: 16
File: ss+(2017-06-26+at+12.33.27).png (119KB, 852x914px) Image search:
[Google]
119KB, 852x914px
Hey guys, so this small-ish youtuber that I was following has disappeared this morning, deleting pretty much any trace of him off the internet besides a few accounts (youtube and his own website). The only thing he left was an encrypted code and a poem, and I wondering if you guys could crack the encryption. I'll attach pertinent info and screenshots in the thread.
>>
File: ss+(2017-06-26+at+12.37.42).png (56KB, 618x622px) Image search:
[Google]
56KB, 618x622px
>>737013194
This is all that is left of his YouTube account
https://www .youtube. com/user/OMG1234Stefan/about
>>
File: ss+(2017-06-26+at+12.38.02).png (105KB, 305x775px) Image search:
[Google]
105KB, 305x775px
>>737013194
This is his website
http:// hitvid. net/Channel/sudostef/UCMwta-BxFTBWmYF86RODYaA
>>
copy paste the code here please I don't want to type it out
>>
>>737014679
part one
sudoSuicideSourceCode OEt2ckVkY3RYOEFDcWczVjNLQVBFcnlyZmVjTEJBWmFhSjFWcU5PQ3FPMWR2cllUQmdDbGZJL3h1eEsrM2d3JTNEd2UlM0QyQ2cvRkJ4Y0N5elFSY2daWnV4SmRFclBiQld5ZEFUcU9CTWNGZ3VRdTNJWVlFTkNrekpsaTMrQ0FBTkNjeldRRkVldyt6VEFyREpKRkVlWStmTllZcWQzTXZldzYwSmNOdWQ3T0JKS1R2RmZKQ0sxTjArQVJhV05ieUFaZkN1emVxVDFGZkxRNkNJaGl6Z2NXRGQ3WTN6aEgzcnd2WEp6eHlOUVNBeGY4ZmQxQjByZiUzRDArWWNFSnlPQkpLOHZNZklYSTF5Q0lGazBKUWU4OEE1RExRT0VXTnhEcno1Q3JrWTNKL09CTWN0QXp2MnllbkF2Tks4eU5Dc3Z6eWR6VENIdmV2Rw==
>>
>>737014679
trying to post the second part, its saying its spam
>>
>>737014679
part two
Encryption-Info: AES-128,CBC,PKCS5 Padding Key-Info: MD5,PBKDF2 HmacSHA1 Additional-Info: 1464415347382
>>
>>737014679
part two cont
NWgrsnH5lPzY1NMb9Ml77uLamlSZgEoMxiKga9ew6zkbwtpJUsp+KL8UFiDbjbgQzsnERwmG0JYM 97CvDjmKPSO0rw7fi10YJzV8UpmAjuwrl5tAxt
>>
>>737014679
>>737015385
part two cont
OZ1Rd9FuFX/nKy4LOHYPsqb1SQ4Kn5i0eMVVZ+ CT1IDcFn9czXI7gkEG6Cq2vncClXPp6RGdFUde8p6G/FZWbg5ODcIhoqJfh1DLTd0e4G3+UQTiwq nyL9UwgpJzjiSU8RLa2cgIDvfwmbtpLdvtWOrRdLAkIqDMgqqnOTNNc+G1oZeqCEjxTKoL5eygtF Tdvty13Q5OsfwtNPGmNa8d9tWB5WLrm05bTUMUqWsBKpcbDoLHRQE3rvKR3Bc7vwmuP+
>>
>>737014679
ignore my part two posts, 4chan thinks I'm spamming and wont let me post the entire code. I puushed a .txt with the entire code on it.
>>
File: ss+(2017-06-26+at+01.31.29).png (14KB, 298x238px) Image search:
[Google]
14KB, 298x238px
>>737014679
OK, it won't even let me link the .txt, so here's a screenshot of the link.
>>
>>737013194
i'm kind of confused.
the description says the solution was found, do we really still need to have a go at it?
>>
>>>/g/ might be of more help. Just mention that your AMD cpu could solve it faster than an Intel one
>>
>>737016696
From what I understand, Its said that since the beginning
>>
>>737016896
i could have a go at it then, problem is that i would either need to quickly find a lib with PBKDF2-SHA1 or add the implementation to my own, albeit i don't see any real benefit of doing that. i'll go look at the OpenSSL interface in the meantime.
>>
>>737016999
the PBKDF2-SHA1 signature is less complex than what i expected from OpenSSL, i guess it's time i'll have a go at it.
>>
File: 1498412948079.jpg (31KB, 400x400px) Image search:
[Google]
31KB, 400x400px
bump
i wanna see where this goes
>>
>>737017257
464-480 characters long
>>
some stuff from our discord
>>
my thoughts so far: one of the parts is encrypted, the other is used to derive the key.
definitions:
AES = AES-128-CBC(k, ct), where k=key and ct=ciphertext
KDF = MD5(PBKDF2-SHA1(k,p)), where k=key and p=password
i would guess the scheme is simply:
AES(KDF(1464415347382, [pt1 or pt2]), [the other pt])
if this is true, the result would be the plaintext we are looking for with some trailing PKCS5 padding, which could easily be removed.
working on an implementation now.
>>
>>737019968
i prefer to be called an ice cube tray
>>
File: a79wf78gahwf87u.jpg (60KB, 720x543px) Image search:
[Google]
60KB, 720x543px
>>737020085
>>
>>737020198
there ya go
>>
>>737016834
Kek
>>
>>737019863
actually i'm still missing an IV
>>
File: 0ntpipo.jpg (39KB, 1440x1341px) Image search:
[Google]
39KB, 1440x1341px
pmub
>>
>>737021581
any chance you can copypasta the base64 string?
>>
>>737021826
I'll see if it'll let me, worse comes to worse I'll have to screenshot the puush of the .txt again
>>
>>737021826
8KvrEdctX8ACqg3V3KAPEryrfecLBAZaaJ1VqNOCqO1dvrYTBgClfI/xuxK+3gw%3Dwe%3D2Cg/FBxcCyzQRcgZZuxJdErPbBWydATqOBMcFguQu3IYYENCkzJli3+CAANCczWQFEew+zTArDJJFEeY+fNYYqd3Mvew60JcNud7OBJKTvFfJCK1N0+ARaWNbyAZfCuzeqT1FfLQ6CIhizgcWDd7Y3zhH3rwvXJzxyNQSAxf8fd1B0rf%3D0+YcEJyOBJK8vMfIXI1yCIFk0JQe88A5DLQOEWNxDrz5CrkY3J/OBMctAzv2yenAvNK8yNCsvzydzTCHvevG
you mean this one, correct?
>>
>>737022336
yes, thank you
>>
>>737022474
did you want the base64 or the decoded one that I gave you?
>>
>>737022935
i'd have to decode it anyways to make something useful out of it*, and seeing as the first one got decoded to the base64 string you gave me (which decoded successfully to a 248-byte long binary string) i'd assume that it was doubly encoded, or could be the password parameter to PBKDF2-SHA1.
* = that's what i'm assuming, the author could be using reverse psychology with any of these base64 strings.
>>
>>737023457
bump
>>
pmub
>>
File: ss+(2017-06-26+at+03.29.42).png (53KB, 962x564px) Image search:
[Google]
53KB, 962x564px
>>737023457
from reddit
>>
it's not much, in fact it may not even be anything: https://github.com/icecubetray/sudostef
i'll see if i can work on it in the next few days as well, seems like a fun project.
>>
>>737025416
seems to be legit, i'll keep messing around tho.
>>
>>737025660
I appreciate your help, my dude
>>
>>737026548
my pleasure /b/rother, appreciate you sharing this as well.
just a pity i'm still loaded at work so i can't focus on or even start getting into cryptanalysis. i think i'll keep this project for future references, ya never know.
>>
bbbump
>>
>>737026923
So it is a walled street?
>>
Can someone please attempt to get in contact with him or any of his family, I"m calling people with the same first and last name now
>>
>>737027354
seems so, if anything it appears to be a tough nut to crack.
can't be sure since i don't have the experience, but considering the reddit comments i'd say it's most likely pointless to even keep attempting if your goal is to obtain the plaintext.
>>
>>737027668
Can u post reddit link?
>>
>>737028119
https://www. reddit. com/r/decipher/comments/6jlfsl/sudostef_youtuber_code/
>>
>>737028119
https://www.reddit.com/r/decipher/comments/6jlfsl/sudostef_youtuber_code/
>>
>>737027354
i mean one guaranteed way to get the plaintext is by bruteforcing both the key and the IV, which are both 16 bytes long. essentially you'd be looking at 256^32 possible key/iv combinations.
i'm not sure you'll live long enough, then again maybe you can throw a quantum computer at it eventually.
>>
this is what a certain sudoSTF posted on my reddit threat, the account got created and deleted within 20 min
466687836
>>
Bump, someone screen cap in case this turns into something
Thread posts: 56
Thread images: 16
Thread images: 16