Python Forensics – Cracking an Encrypted Program

In this chapter, we’ll learn how to crack text data obtained during analysis and forensics.

Plain text in cryptography is normal, readable text, such as a message. On the other hand, a cipher text is the output of an encryption algorithm after you input plain text.

A simple example of how we can convert plain text messages into cipher text is the Caesar cipher, invented by Julius Caesar to keep plain text secret from his enemies. This cipher involves shifting each letter in the message “forward” three places in the alphabet.

Below is a demonstration.

a → D

b → E

c → F

….

w → Z

x → A

y → B

z → C

Example

When you run the Python script, the input gives you all the character possibilities, which are used for pattern evidence.

The types of pattern evidence used are as follows

• Tire Tracks and Marks
• Impressions
• Fingerprints

Each biometric data set consists of vector data, which we need to decipher to gather comprehensive evidence.

The following Python code shows how you can produce a cipher text from plain text −

import sys

def decrypt(k,cipher):
   plaintext = ''

   for each in cipher:
      p = (ord(each)-k) % 126

      if p < 32:
         p+=95
         plaintext += chr(p)
         print plaintext

def main(argv):
   if (len(sys.argv) != 1): sys.exit('Usage: cracking.py')

cipher = raw_input('Enter message: ')

for i in range(1,95,1):
decrypt(i,cipher)

if __name__ == "__main__":
main(sys.argv[1:])

Output

Now, let’s check the output of this code. When we input a simple text “Radhika”, the program will produce the following cipher text.