How to analyse RBT table?

evrenbiss

Banned
Messages
43
-Crypt8 Calculator2 added
you can now calculate B8hx00h, B8hxFFh and B8hx03000h crypt8 values for cw's given in a txt.file

_https://mega.nz/#!ps4DzQKR!I7yMG01DFq155aLSxnApc6MFEWGZ9JLJFEwhc4zEzL0

how does this software extract the key from rbt
 
C

campag5242

@evrenbiss that software does not extract the "key from rbt".

Instead, it calculates what crypt8 values ought to be seen for those CWs written in a text file ie CW -> Crypt8.

The reverse process, Crypt8 -> CW, requires a look-up table of one form or another. You might use this tool to make such a look-up table, but to cover all possible 2^48 keys it will take ridiculously large amounts of disk space.

That's why rainbow tables were invented - the look-up table is stored in chains, where only the start & end values are stored. In Colibri's V1, chains are 65536 links long, so the storage requirement is something like 65536 x smaller.
 

xosef1234

Registered
Messages
107
RBTedit v2.5

-Crypt8 Calculator and Crypt8 Calculator2 improved
no external library necessary anymore


-CW Lookup added
The procedure is as follows:
-create your database with the help of Crypt8 Calculator2 (e.g. use the CW_Brute_List from shishmish to create your database; it took 30min for me!)
-now select this database in CW Lookup and insert the C8 to be looked up


Thanks to shishmish for his great work!!!



_https://mega.nz/#!FlwwEI4Z!Ytt-JO5PYa3qAWoSoECxkMZ9SIkONJQIS6YAMmkcreg


PS: it is clear that this lookup table cannot replace Colibri's RainbowTables
 

jan55

Member
Messages
4,266
Big THX to xosef1234 for all tools in RBTedit v2.5.
Now with the Crypt8 Calculator2 tool you can create a new CW_Brute_list-c8.txt list from CW_Brute_list.txt . The new CW Lookup tool will be able to find CW based on the already obtained C8 from the new CW_Brute_list-c8.txt list in a few seconds, of course if CW exists in "CW_Brute_list"!
To you - xosef1234, Great, great work and great help to members . All the congrat's for this tool RBTedit v2.5. Thanks very much!
 

jan55

Member
Messages
4,266
"Crypt8 Calculator2" tool create (first) "CW_Brute_list_2018-c8.txt" file (785 MB) from my
"CW_Brute_list_2018.txt" file (contain 11,379.080 CW)-159 MB in time than 40 min. (for my PC).

Here is download link of "CW_Brute_list_2018-c8.txt" file ( .rar file - 373 MB) - time to upload file: 1 hour :(
With the use of the new "CW Lookup" tool in the new tools "RBTedit v2.5" by xosef1234 you can find CW in few seconds (of course if you have correct C8-B8hx00h,B8hxFFh or B8hx030000h and if CW exist in "CW_Brute_list_2018" file).

Again THX very much to xosef1234 !

example:

first - "Crypt8 Calculator2" tool:

create "CW_Brute_list_2018-c8.txt" file





second - "CW Lookup" tool:

C8: http://www.sat-universe.com/showpost.php?p=2036939734&postcount=39188
find CW

 

cayoenrique

Member
Messages
475
I am still with problems in my internet.
And I have not figure out how this cloud in rusian woks. I can not download from it!

But in any case, people see how smart thinking ( out of the box) can let you improve things?

They took a process of a few minutes and now it is

"CW in few seconds"

My thanks to xosef1234 and the good list by shishmish. I will test it when I have time and able to download from link. Keep the good work.
 

cayoenrique

Member
Messages
475
Forgive my ignorance, are you saying that a single crypt 8 produced 3 keys?:confused:

I have not test, this app. But I have no reason not trust Motogato analysis about 00h,ffh,03h in this particular case. Well is is simple to corroborate just use CW to create the 00h,ffh,03h crypto.

Now even when I agree with him, there are supposedly limited cases where two or various CW keys produce same solution! This is called "collisions" in crypto see

_https://en.wikipedia.org/wiki/Hash_collision

And this may explained why there are so many duplicate endings in the RBT V1. And is also the reason why Colibri add a value to the key every-time a round is produce in the RBT. His intention is to prevent such collision but we can see that it did not have got good results. Then he produce smaller V2 RBT rounds. Less length, less chance of collisions. Clearly main objective was for speed.
 
Last edited:

Motogato

Registered
Messages
326
One single CW produced this all crypt8...

CW: 15 FA 53 62 50 1C 38 A4

Crypt8-B8hx00h: AF DC 19 B4 49 49 CB F6
Crypt8-B0hx00h: 45 0B A2 4A 57 AA 52 4D
Crypt8-A8hx00h: 4C B6 56 88 59 6E 9A 87
Crypt8-A0hx00h: 96 37 A7 0F 06 0B 53 CB
Crypt8-98hx00h: 43 6B BE 2A 94 9B AC 68
Crypt8-90hx00h: 68 53 14 74 94 D5 03 0C
Crypt8-88hx00h: 05 55 15 3B F3 D6 43 14
Crypt8-80hx00h: F0 59 4E E5 C4 8E E0 45
Crypt8-78hx00h: CC A3 D7 2F 2F A7 54 D5
Crypt8-70hx00h: 52 6A DC B2 88 91 82 FE
Crypt8-68hx00h: 3C 23 B0 0B 0C 8C D9 BC
Crypt8-60hx00h: 30 81 DC 7E CD 19 CB 4F
Crypt8-58hx00h: AC 0E 01 16 08 73 6D DE
Crypt8-50hx00h: BA D2 E7 E9 86 11 DD BA
Crypt8-48hx00h: BB D6 E5 DF 44 EC 71 EE
Crypt8-40hx00h: E8 2D C2 0A C5 8D 87 A6
Crypt8-38hx00h: 29 CD FC 8E 9A 98 02 09
Crypt8-30hx00h: A9 3D 7A 60 9D A1 D8 47
Crypt8-28hx00h: 70 29 48 D8 9D 67 9B 10
Crypt8-20hx00h: 61 4E B8 E8 6E 19 25 EE
Crypt8-18hx00h: A4 1E 5E EC 8F B5 9E 62
Crypt8-10hx00h: 9E 40 65 FD BC 77 CB 05
Crypt8-08hx00h: 2B 33 ED ED 5F A7 D6 15

Crypt8-B8hxFFh: 32 9B 98 0B DE 92 71 7A
Crypt8-B0hxFFh: B6 52 47 87 4C 7D 8A 2F
Crypt8-A8hxFFh: 58 51 C7 7F E0 2B 9F 70
Crypt8-A0hxFFh: 8C A9 5B D1 57 EC D8 78
Crypt8-98hxFFh: D0 8A 5F D8 1D 9D 7F AE
Crypt8-90hxFFh: 51 87 88 74 3D BE 49 9B
Crypt8-88hxFFh: 31 52 CB 72 01 70 45 55
Crypt8-80hxFFh: FC FA DB E9 FC A6 A8 18
Crypt8-78hxFFh: 1A 94 09 34 B6 47 1B 1E
Crypt8-70hxFFh: 0A 3B 14 75 76 C0 0A D8
Crypt8-68hxFFh: D8 4B 04 9C 79 19 D2 3A
Crypt8-60hxFFh: 68 21 F0 E7 34 52 93 7B
Crypt8-58hxFFh: 3B A2 89 B3 DB 0A 92 43
Crypt8-50hxFFh: A3 67 4F 44 25 3F 69 71
Crypt8-48hxFFh: 7A 2A 47 EF F3 A0 06 A3
Crypt8-40hxFFh: CE F5 05 3C 27 A6 84 D4
Crypt8-38hxFFh: 34 AF 17 BE DD 1D 6A F9
Crypt8-30hxFFh: B7 0E 08 F0 42 07 27 FC
Crypt8-28hxFFh: D9 3A 41 2E 17 C9 5F B3
Crypt8-20hxFFh: 32 AB 77 42 30 81 3B 2E
Crypt8-18hxFFh: 6A 26 89 B0 AD 53 44 77
Crypt8-10hxFFh: 8A AB 78 5B AF CC FB 08
Crypt8-08hxFFh: 8D E4 19 2E 20 0A D0 40

Crypt8-B8hx030000h: 5C BA C8 BA D0 5D B4 58
Crypt8-B0hx030000h: E6 F3 63 8D A2 AA 13 EA
Crypt8-A8hx030000h: 2F FA 3E 44 5F 60 29 91
Crypt8-A0hx030000h: E2 C2 E3 CB CA 3C 25 E0
Crypt8-98hx030000h: 01 7B F0 DE 95 A7 6F 83
Crypt8-90hx030000h: 99 DB C2 6A E8 D4 3E 3F
Crypt8-88hx030000h: 02 A5 BE AA 8E 49 3E 70
Crypt8-80hx030000h: AC 2F D2 5D E5 CE 7C 1E
Crypt8-78hx030000h: 88 7E 36 9F 42 FA B0 1F
Crypt8-70hx030000h: 21 CF AF DA B6 6A DF 92
Crypt8-68hx030000h: 02 81 1D 89 7B 19 31 98
Crypt8-60hx030000h: E7 A0 E2 EF 58 50 7E 89
Crypt8-58hx030000h: E8 C5 7F 11 1E 24 FD CC
Crypt8-50hx030000h: 31 E0 19 98 B9 DD 9F 59
Crypt8-48hx030000h: 91 15 03 84 F0 29 7D 1B
Crypt8-40hx030000h: 4C 75 B6 3B 64 90 46 02
Crypt8-38hx030000h: D6 B2 C3 AA 38 A2 A8 EC
Crypt8-30hx030000h: 82 28 DB CC 80 4E E5 24
Crypt8-28hx030000h: BD C0 8C 44 9D D1 A7 62
Crypt8-20hx030000h: A4 E6 99 74 8D 27 D2 AE
Crypt8-18hx030000h: 75 BE 6A D9 32 99 91 98
Crypt8-10hx030000h: BF 38 64 90 BC 6B 23 06
Crypt8-08hx030000h: 91 D1 98 42 D4 08 4E 59
 

cayoenrique

Member
Messages
475
Wao I realize I did make an error.
Well it is true that some crypt may produce Hash_collision and possibly CSA is one of them. This is effect is that a 2 different CW will SINGLE encrypt to same value. Now to be honest I never has seem that rear occurrence in CSA.
Now what I was talking about RBT is that they are produce in chains of encryption. Now by design RBT are that 1 single CW encrypted and re encrypted the out put. We call that sequence a chain. In V1 Chains are I think 0x10000 long. Or about 65536. So if that chain do not loop or have imperfection like repeating a cw very fast.
Well then a CW in RBT V1 has 65536 cryptos. Yes a lots.

I hope I did not confuse you guys.
 

xosef1234

Registered
Messages
107
Wao I realize I did make an error.
Well it is true that some crypt may produce Hash_collision and possibly CSA is one of them. This is effect is that a 2 different CW will SINGLE encrypt to same value. Now to be honest I never has seem that rear occurrence in CSA.
The collision comes from the reduction from 8bytes to 6bytes during calculation of the chains. A reduction function is e.g. to omit the bytes 7 and 8. The collision is then obvious:
Code:
12 34 56 78 9A BC DE F0 => 12 34 56 78 9A BC
12 34 56 78 9A BC 10 54 => 12 34 56 78 9A BC
So if that chain do not loop or have imperfection like repeating a cw very fast.
Well then a CW in RBT V1 has 65536 cryptos. Yes a lots.
I guess, there is something mixed up:
the calculated values in a chain are crypt8 values but not from one single cw; each crypt8 value is converted into a new cw; the new crypt8 value is calculated for this new cw ....
Crypt8 values for one single cw depend on the payload and the payload size and therefore you can have a lot more (~( 2^(184x8))x23 )
 
C

campag5242

The collision comes from the reduction from 8bytes to 6bytes during calculation of the chains. A reduction function is e.g. to omit the bytes 7 and 8. The collision is then obvious:
Code:
12 34 56 78 9A BC DE F0 => 12 34 56 78 9A BC
12 34 56 78 9A BC 10 54 => 12 34 56 78 9A BC

...and that's where the rainbow part comes in... after discarding the last two bytes, the truncated 12 34 56 78 9A BC values are XOR'd with the round number (or link position in chain). Only if the values occur at the *same link position / round number* do you have a merging of chains. If not, both chains continue to meander down different paths of C8->CW links, thanks to the rainbow element of the reduction function.

Crypt8 values for one single cw depend on the payload and the payload size and therefore you can have a lot more (~( 2^(184x8))x23 )

Only the first 8 bytes of the encrytped payload are crypt8 values... (the rest of the payload is further mangled with the stream cypher, not pure block cypher like the initial 8 bytes). So this ~( 2^(184x8))x23 figure makes no sense... the count of possible Crypt8s per plaintype_payload_length is exactly the same as the keyspace, 2^48. Or 2^48 x 23 for all possible lengths of one plaintype.
 
Last edited:

cayoenrique

Member
Messages
475
I am not trying to correct anyone. I conciser all of you masters. In fact what I have learn is from your own old post and marawan and kebien post some where hidden here.

But keep in mind my response figure is about v1 chain length when I said "a CW in RBT V1 has 65536 cryptos"

Sure in theory if we have no collisions or a loop back situation the crypto chain can continue until it reach the total possibilities for 2^48 bit word length. What ever that big number is. But we know about constant loop back creating same ending numbers in the v1 chains. And those my friend only reflex the one that happened to end in same end. Wish I bet you is pretty small possibility of the total chains that really loop.

Reason for chain collision... yes I could not explained that any better well done.
...and that's where the rainbow part comes in... after discarding the last two bytes, the truncated 12 34 56 78 9A BC values are XOR'd with the round number (or link position in chain). Only if the values occur at the *same link position / round number* do you have a merging of chains. If not, both chains continue to meander down different paths of C8->CW links, thanks to the rainbow element of the reduction function.
The collision comes from the reduction from 8bytes to 6bytes during calculation of the chains. A reduction function is e.g. to omit the bytes 7 and 8. The collision is then obvious:
Code:
12 34 56 78 9A BC DE F0 => 12 34 56 78 9A BC
12 34 56 78 9A BC 10 54 => 12 34 56 78 9A BC
 
Last edited:

xosef1234

Registered
Messages
107
Only the first 8 bytes of the encrytped payload are crypt8 values... (the rest of the payload is further mangled with the stream cypher, not pure block cypher like the initial 8 bytes). So this ~( 2^(184x8))x23 figure makes no sense... the count of possible Crypt8s per plaintype_payload_length is exactly the same as the keyspace, 2^48. Or 2^48 x 23 for all possible lengths of one plaintype.
Correct me if I am wrong, but aren‘t we talking about different approaches?
1. it is clear that only the first 8 bytes are the crypt8, therefore in principle you can have 2^64 different unique values (regardless of payload size, plaintype and cw)
2. for one single plaintype (payload size fixed) and 2^48 possible cw‘s you will have 2^48 crypt8 values
3. for one single cw (payload size fixed) and 2^(184*8) possible plaintypes you will have that high number of crypt8, e.g.
B8hx(184*00h)
B8hx(183*00h&01h)
B8hx(183*00h&02h)
...
B8hx(184*FFh)
Of course, there are a lot of duplicated values, ie one single cw might give us the same crypt8 using 2 different plaintypes
 

Motogato

Registered
Messages
326
Sorry but collision must exist only in your head.

AC 91 46 29 C6 07 85 FA => 12 34 56 78 9A BC FFh table
 

Martin.Wigston

Registered
Messages
969
Sorry but collision must exist only in your head.

AC 91 46 29 C6 07 85 FA => 12 34 56 78 9A BC FFh table

Yes collisions do exist but not in your head, because you dont understand what is being discussed.

This is about the working of the chains within the RBT not putting a c8 in and getting a CW out.
 
Top