Encrypted Game Manual - Could we crack it?

[yersinia]

FIRST FRC Password Convention:

Past three years:
2014: 3Zones2Goals1Alliance!
2013: sAucersFlyRobotsClimb!
2012: !HotShots!KnowBalance!
2011: 5Time4For3Robots2To1Dance!

Uses AESv2 128 bit for PDF encryption

At first glance, it seems pretty secure. However there seem to be a lot of patterns as to how the passwords are chosen.

Patterns:
1) always 22 characters after 2011
2) all of the words used are english and would appear in the dictionary
3) they use mixed case
4) a word is never separated by anything special, and no character substitution is used
5) only around 3 or 4 words are used
6) they always end with a "!" character
7) in all years but 2013 the first character has not been a letter

Idea:
Create a program that generates a wordlist based on the rules FIRST seems to follow when creating the passwords, split the wordlist up into smaller segments, and let different teams try different segments until the correct key is recovered


Thoughts?

[George1902]

A more important question might be: Should we crack it?

[notmattlythgoe]

Quote:

Originally Posted by George1902

A more important question might be: Should we crack it?

The correct answer is no.

[wasayanwer97]

I'm sure someone out there could.
I think as a community we may be able to.

I don't think it's something we should be attempting though.

Saturday is only a few days away. I know we all want to find out the game, but this isn't the way.

[yersinia]

Is attempting to crack the encryption on the game manual pdf that different from trying to figure out the hint?

[cgmv123]

The manual is encrypted using 128-bit AES encryption. From the decryption test page.

Quote:

[128-bit AES encryption] is a current standard considered by the US Government as completely secure for short (weeks) periods of time

[notmattlythgoe]

Quote:

Originally Posted by yersinia

Is attempting to crack the encryption on the game manual pdf that different from trying to figure out the hint?

Absolutely. The hint is only going to provide so much information, and it is always speculation until the day of kickoff. Cracking the rule book will reveal all of the needed information to start building early. And since you created a new no-team affiliated profile just to post this I'm guessing you feel the same way.

[ehochstein]

Quote:

Originally Posted by yersinia

Is attempting to crack the encryption on the game manual pdf that different from trying to figure out the hint?

Yes, it is. Hints are released to us to keep us guessing, the manual is released in its encrypted format to make it easier on us Saturday, so there isn't a bottleneck downloading. I don't want to know what the game is, I don't want to know what any "leaks" are, in fact I don't want to know anything about this year's game until Saturday morning when FIRST decides to release it to us.

I enjoy the suprise.

[sanddrag]

Quote:

Originally Posted by yersinia

Is attempting to crack the encryption on the game manual pdf that different from trying to figure out the hint?

Absolutely. Figuring out the hint is encouraged. Cracking the manual is just plain wrong.

From a technical perspective, I find threads like this interesting. I like discussions about how much computing horsepower is neneded for certain tasks, and how long they will take.

But from an ethical and moral perspective, we should not ever attempt to crack something of value that we do not own rights to.

What you should do is encrypt your own file, and then try to crack that.

[yersinia]

Quote:

Originally Posted by cgmv123

The manual is encrypted using 128-bit AES encryption. From the decryption test page.

Yes, AES is pretty strong, but in this case it is only 128 bit, and the key is fairly predictable. I'm not suggesting brute force. A gpu could probably churn out tons of guesses per second and testing wordlists we create using the patterns in their password shouldn't take more than a couple hours at most.

[GKrotkov]

Quote:

Originally Posted by yersinia

Is attempting to crack the encryption on the game manual pdf that different from trying to figure out the hint?

Absolutely. When FIRST encrypts their manual - let's take that as a hint that perhaps, just maybe, they're not interested in us reading it before we're supposed to. The hint they make public and give us as information.

[Bryan Herbst]

This seems to come up every year.

FIRST releases the game manual early every year to allow teams to download it early- the servers get hammered on kickoff with teams trying to download the manual, and this helps minimize the load during kickoff. It is encrypted so they can still prevent teams from seeing the contents until kickoff.

Don't abuse this. Trying to crack the manual shows a significant amount of disrespect for FIRST and all other teams competing in the program.

If you want to challenge yourself by cracking it after kickoff, by all means go ahead.

As for is it actually possible:
Using brute forcing, no, it would not be possible to crack it prior to kickoff.
Using more refined techniques like you suggested, sure, you might be able to crack it if you are lucky. If you are making incorrect assumptions, then you'll just waste your time though. They could very easily use a word not in your list (or a word they made up), or they could change the pattern ever so slightly and you could be running your cracker for 4 days with no results.

[Jared Russell]

Oh hey, it's this thread again. I suggest reading this before continuing.

[FrankJ]

I posted the key on CD, but they deleted it. Oh well

[cgmv123]

Quote:

Originally Posted by yersinia

Yes, AES is pretty strong, but in this case it is only 128 bit, and the key is fairly predictable. I'm not suggesting brute force. A gpu could probably churn out tons of guesses per second and testing wordlists we create using the patterns in their password shouldn't take more than a couple hours at most.

"Tons of guesses per second" is unbelievably ridiculously optimistic. The best you can get using modern GPU's is a few guesses per second. There are 3.4E38 possible keys. Do the math.