I need to decrypt a file encrypted with RC4 to answer an Internet challenge.
The file in question is a dump of a Teensy ROM and it is completely encrypted.
Luckily, it looks like it's a standard Intel HEX format.
For example, here is a cleartext file taken at random:
:1000000001C100001DC100001BC1000019C100009A
:1000100017C1000015C1000013C1000011C100008C
:100020000FC100000DC100000C94D80A09C10000E6
:1000300007C1000005C1000003C1000001C10000AC
:10004000FFC00000FDC00000FBC00000F9C00000C0
:10005000F7C00000F5C00000F3C00000F1C00000D0
:10006000EFC000000C9442090C941309E9C0000091
:10007000E7C00000E5C00000E3C00000E1C00000F0
:10008000DFC00000DDC00000DBC00000D9C0000000
:10009000D7C00000D5C00000CA0BEC0BD10CEC0B94
I can deduce some of the XOR keys used, for example for the first 9 bytes (:10000000), but also for all the others (:10001000, :10002000, the line-break characters of each line, ...).
I started with a somewhat generic question about a "bad" implementation of RC4, because I am not an expert in cryptography. But it seems that was not the right approach.
I tested approaches like a brute-force attack, but with a key of 256 characters there is not much to do apart from concatenating words in the hope that the password is formed this way. Nothing came out of it!
I dropped the "standard" attacks based on WEP/RC4 or SSL/RC4 because I did not find any correlation with my problem.
So, is it possible to decrypt a text encrypted with RC4 without even knowing the encryption key?
Taking into consideration the Intel HEX file format:
- characters 0-F, since this is a .hex file
- because of its structure: the checksum at the end of each line, the normalized line breaks, ...
I have not found much about the possibilities of decrypting a file with RC4 when we know only part of the plaintext.
I do not know if all Teensy dumps start with the same 9 first bytes. But the first and the last bytes of each line can be known.
Now is it possible to decipher the rest?
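What the known Intel HEX structure actually buys against a stream cipher can be shown directly. The following is an added example, not code from the post: it implements RC4, encrypts the first two clear records quoted above under a constructed demo key (an assumption, not the challenge key), recovers the keystream only at positions the format fixes (record start, byte count, address assuming a sequential dump, record type, newline), and shows that the data and checksum bytes stay opaque. Keystream bytes recovered this way reveal nothing about the other positions unless the same keystream is reused elsewhere or the key itself is recovered.

```python
def rc4_keystream(key: bytes):
    """RC4 KSA then PRGA; yields keystream bytes for as long as asked."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]

def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): XOR the data with the keystream."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))

def ihex_record_ok(record: str) -> bool:
    """Intel HEX record check: all bytes after ':' (checksum included) sum to 0 mod 256."""
    return record.startswith(":") and sum(bytes.fromhex(record[1:])) & 0xFF == 0

def known_ihex_bytes(n_lines: int, data_len: int = 16) -> dict:
    """Plaintext positions fixed by the format (assumption: a sequential dump whose
    addresses start at 0): ':', byte count, address, type 00, newline. Not data/checksum."""
    line_len = 9 + 2 * data_len + 2 + 1
    known = {}
    for k in range(n_lines):
        for off, ch in enumerate(":%02X%04X00" % (data_len, k * data_len)):
            known[k * line_len + off] = ord(ch)
        known[(k + 1) * line_len - 1] = ord("\n")
    return known

def recover_keystream(ct: bytes, known: dict) -> dict:
    """keystream = ciphertext XOR plaintext, available only where the plaintext is known."""
    return {pos: ct[pos] ^ p for pos, p in known.items() if pos < len(ct)}

def partial_decrypt(ct: bytes, ks: dict) -> str:
    """Decrypt where keystream bytes were recovered; leave every other position as '?'."""
    return "".join(chr(c ^ ks[i]) if i in ks else "?" for i, c in enumerate(ct))

# Constructed demo: the first two clear records from the post, encrypted under a demo key.
PLAIN = (":1000000001C100001DC100001BC1000019C100009A\n"
         ":1000100017C1000015C1000013C1000011C100008C\n").encode()
DEMO_KEY = b"demo key (assumption, not the challenge key)"

def demo() -> str:
    ct = rc4(DEMO_KEY, PLAIN)
    return partial_decrypt(ct, recover_keystream(ct, known_ihex_bytes(2)))
```

Running demo() returns the two record headers and newlines in clear with 34 '?' characters per line where the data and checksum sit; those 20 recovered keystream bytes match the true keystream at their positions and nowhere else.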