ERROR decoding db definition: list index out of range #17
Comments
Probably it is a new Cronos format, like v5 or something younger than 2 years from the last update of this software |
Decrypting the database is a heuristic process, with the current master branch, we just take the amount of \0 bytes into account which should be the majority of the table description contents. However, to aid the process of actually cracking the database, I prepared a PR #13 which adds a decryption helper support to strucrack. |
@erdgeist so, current version of cronodump can convert Cronos v5 format? |
Definitively. |
Maybe you could provide some example, like on that cronos db? Because maybe 3/10 cronos databases which I met have been successfully converted with croconvert |
Did you try to decode it with this PR? I would like to get some feedback on the interactive features to help narrowing down the database's keys. Also do you have a direct link to the database? I can't seem to create an account. |
https://t.me/dbsdbsdbsdb/112
Yep, it throws error Default:
With
Check for branch:
|
Ahh, the |
Error
Messages
If I'll use some Error
What is And as I said before, It would be very nice to have some instruction with example "what to do if |
The database encryption is outlined here: https://github.com/alephdata/cronodump/blob/master/docs/cronos-research.md … search for sbox in the CroStru section. Basically a password is scrambled to produce a 256 entry long s-box that translates input bytes to output bytes. If no encryption key is set, then a default sbox is used, which is defined here. Now, if you don't know the password for the database, there's other ways to figure out the s-box (or KOD in cronos lingo): if you assume that most bytes in the CroStru file are zeros, then you can just do a statistical analysis for each s-box entry, which value gives the most amount of zeros when decoded. The code is here. However, this is not a very reliable way, even though it has worked well for most of the test databases we have encountered. In order to improve reliability, I've added the PR above, that uses some well known strings appearing in the CroStru file to help identify wrong or missing guesses in the candidate s-box. One of the more useful ones is 'Системный номер' which is cronos lingo for the primary id of a record inside the database. It appears in CroStru files all the time. So if the strucrack encounters a string that looks like that string, it helps you to add more 'fixes' with the -f option in the next run. I.e. it forces the corresponding values in the s-box so you can continue looking for more strings that you can complete by invoking it again. In your example, the string 'Fosm?m?001' looks a lot like the commonly found string 'Formuls001' which should give you more entries in the sbox. You can add the --text 'Formuls001' option to add it so that the next run will produce more helpful 'fixes' shortcuts. The fact that you only have three duplicate candidate mappings means that you're probably close to cracking the s-box on your database. |
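Added illustration (not part of the thread and not cronodump's code) of the two steps described in the comment above: guessing s-box entries by assuming the plaintext is mostly zeros, then pinning entries with a known string and its length byte. It assumes a simplified toy model in which the byte's position is added before the s-box lookup; `SBOX`, the 128-byte sample and all function names are constructed for this example.

```python
from collections import Counter

# Constructed stand-in s-box (any bijection on 0..255); not the Cronos default KOD.
SBOX = [(x * 167 + 13) % 256 for x in range(256)]
TRUE_INV = {c: v for v, c in enumerate(SBOX)}

def encode(data):
    # Toy model (assumption): add the byte's position, then substitute.
    return bytes(SBOX[(p + i) % 256] for i, p in enumerate(data))

def decode(inv, data):
    # inv maps a ciphertext byte back to its pre-substitution value.
    return bytes((inv[c] - i) % 256 for i, c in enumerate(data))

def guess_by_zeros(data):
    # Each occurrence of ciphertext byte c at position i votes for the entry
    # that would decode it to 0x00 there; keep the majority vote per c.
    votes = {}
    for i, c in enumerate(data):
        votes.setdefault(c, Counter())[i % 256] += 1
    return {c: v.most_common(1)[0][0] for c, v in votes.items()}

def force_known_text(inv, data, offset, text):
    # Equivalent of a 'fix': known plaintext at a known offset pins s-box
    # entries outright. The length byte in front of the string is known too.
    record = bytes([len(text)]) + text
    fixed = dict(inv)
    for k, p in enumerate(record):
        fixed[data[offset + k]] = (p + offset + k) % 256
    return fixed

def correct_entries(inv):
    # Number of guessed entries that agree with the real inverse s-box.
    return sum(1 for c, v in inv.items() if TRUE_INV[c] == v)

# Constructed sample: 128 bytes, zeros except one length-prefixed field name.
NAME = "Системный номер".encode("cp1251")   # 15 bytes, so the length byte is 0x0f
PLAIN = bytes(16) + bytes([len(NAME)]) + NAME + bytes(96)
CIPHER = encode(PLAIN)

GUESS = guess_by_zeros(CIPHER)                      # zero statistics only
FIXED = force_known_text(GUESS, CIPHER, 16, NAME)   # plus one known string

if __name__ == "__main__":
    print("zeros only:", correct_entries(GUESS), "of", len(GUESS), "entries correct")
    print("with fix  :", correct_entries(FIXED), "of", len(FIXED), "entries correct")
    print(decode(FIXED, CIPHER)[17:32].decode("cp1251"))
```

On this short sample the zero statistics alone mis-guess the entries that only ever occur inside the string, which is the gap the known-text fixes close.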
So, basically, I am trying to feed more text fields and more fixes in hope that eventually it will be cracked? How can I deduce a fix manually? E.g. I have this
I know that UPD: answering my own question: by |
If I may suggest, auto fixes should also provide human friendly format "-f 4_hex=1_letter", because '-f 6_hex' is hard to debug for meatbags. Also, duplicates list stands for 4_hex digits which are mapped to few 1_letter? Please, consider this example
How should I read/understand duplicates info and how I could solve it manually by providing |
Why this output, after I provided fixes in
|
I managed to narrow down the KOD to just six missing mapping with
will further investigate how to more easily crack the KOD using the CroBank |
I usually just copy the |
Turns out that since these are all the bytes we find in the CroStru, the incomplete kod is enough to decode the whole database:
|
Because there's a length byte in front of the string: So there's a 0x0f byte in front which would be automatically added with the decoder fix lines. |
How have you defined " just six missing mapping"? |
From where you get that incomplete KOD? |
So it could be safely ignored or not? |
Just from looking at the structure in the database description files. There also was a rich supply of known plaintext in that header like I understand that this approach is not for everyone as it requires some in-depth understanding of how cronos databases are written to disk. But as I wrote earlier, I am working on making it easier for everyone to do that. |
Well, it gives you an extra byte of known plaintext directly translating into a known entry in the KOD table, which is great if you want to decrypt the database |
bin/croconvert --strucrack --csv --dbcrack test_data/DB/
WARN: expected dbinfo to start with 0x03
ERROR decoding db definition: list index out of range
This could possibly mean that you need to try with the --strucrack option
WARN: expected dbinfo to start with 0x03
ERROR decoding db definition: list index out of range
This could possibly mean that you need to try with the --strucrack option
Got the issue above, any hints how it can be fixed?
Thanks