4x6 Cipher

From 11B-X-1371

This is the Ciphertext we are currently working with (please note the remark below!)

AHCJ WVFE YCHW OSVG 
XUGQ GYXG XASE RFFO 
HDVS CIMR NBBX HWLN 
RCUS LFCS LXIP NMPC 
FQJI XZIG FXRC QBXT 
RMSV SBOG UURD OCL

This has finally been solved. Thanks to everyone on the IRC channel who helped, we were able to bruteforce the Enigma rings, starting positions and plugboard settings.

It has been confirmed to be an Enigma M4 with the following settings:
Model: M4 / UKW: C-Thin / Gamma-III-I-II / Position: A-H-C-J / Rings: W(23)-X(24)-G(07)-F(06) / Plugboard: DM - ES - HZ - JP

To get the solution, you need to remove the "AHCJ" from the enciphered text.

Using the cipher text posted above will give you an output of:

COMPLACENT ARE THE WEAK STAND AND FIGHT WITH US TAKE DOWN THE BLACK BEAST KILL HIS DISEASE OR FALL WITH THE REST


Theory of Enigma

The first suspect for the 4x6 cipher is Enigma. During this session, we will go over many parts that have already been covered. Hi everyone and welcome to this magic enigmatic tutorial about the Enigma! Firstly, this tutorial is set around the 11BX1371.

Getting Started

We will go over the major facts before going into the real matter.

- Enigma can only encipher letters (ALPHA), not numbers.
- Enigma is a machine that exists in several versions. There were commercial and national versions (K for Swiss, N for Norway, J for Japan, D for commercial, R for Railway) and military ones (M3 for all army corps and M4 for the Kriegsmarine).
- In some types of Enigma, there is a plugboard that can change the output by making connections between letters (E=G, etc.).
- Most of the standard models are composed of:
  1. Three variable rotors, on a scale of 1 to 3
  2. Three variable wheels (starting position) with the alphabet (A to Z)
  * There is also the ring setting, where the scale is 1-26 (following the alphabet, e.g. 01-A)
- Moreover, the military versions of Enigma have a reflector (for starting position and ring position).
- Why is it so difficult to solve? There are 10,576,685,775,397,038,560,879,616,000 unique combinations of settings (for the setting with the plugboard), which means the same number of possibilities for ONE letter (it gets worse as the enciphered input gets bigger).

Rotor Setting : 8 x 7 x 6 = 336
Starting Setting : 26 x 26 x 26 x 26 = 456,976
Ring Setting : 26 x 26 x 26 x 26 = 456,976
Plugboard Setting : 26! ÷ (6! x 10! x 2^10) = 150,738,274,937,250
Total = 10,576,685,775,397,038,560,879,616,000 (ten octillion five hundred seventy-six septillion six hundred eighty-five sextillion seven hundred seventy-five quintillion three hundred ninety-seven quadrillion thirty-eight trillion five hundred sixty billion eight hundred seventy-nine million six hundred sixteen thousand)

[Image: Enigma1.png]

1- Keyboard
When the operator presses the letter 'T' on the keyboard it creates an electric signal that begins the journey through the Enigma machine wiring that will end with a lamp flashing on the lampboard.
2- Plugboard
The first stop on the journey is the plugboard. Here the signal is connected to the 'T' input on the plugboard. Some of the letters on the plugboard will be wired up to other letters (the plugs), causing the signal to be diverted. If the 'T' input is not plugged to another letter, then our signal will pass straight to the 'T' output. In our case, though, the 'T' is plugged to the 'K', so the signal is diverted to a new path and the letter is now 'K'.
3- Static rotor
The next stop is the static rotor, which as the name suggests does nothing to the signal; it simply turns wires into contacts (the signal only passes when the contacts touch). So our signal is still the letter 'K'. The static rotor output is connected to the input of the right rotor. This is where things get more complicated.
4- Rotors
There are five possible rotors that can be used in any order for the three rotor positions: right, middle, left. Each rotor has an inner ring of contacts and an outer ring of contacts and their purpose is to scramble the signal. The outer ring contacts connect each rotor to the next rotor (or the static rotor / reflector) as well as its own inner ring. The inner ring contacts can be rotated relative to the outer ring which results in even more possible connections (and therefore, letter substitutions). The whole rotor itself can be rotated relative to the static rotor, so that the static rotor 'A' output is not connected to 'A' input on the rotating rotor.
Furthermore, as each letter is entered the rotors rotate by one position, so that the same letters are never connected together in the same message. To add further complication, each rotor has a notch (different rotors have the notch in different positions) which, when reached, causes the next rotor to its left to step forward too. In the case of the middle rotor, it causes the left rotor to step as well as itself (the infamous double stepping mechanism).
5- Reflector
The reflector takes the input and reflects back the electrical signal for its return journey through the rotors. There are two possible reflectors, each of which is wired up differently so that the input letter is transformed to a different letter when reflected back. In our example, we are using 'Reflector B', which turns our input letter 'H' into output letter 'D'.
It is important that the signal is scrambled when reflected, because of the way the Enigma machine is designed -- if you enter the cipher text you get back the clear text. So if the reflector output is the same letter as its input when the signal passes back through the rotors they will just unscramble what was already scrambled and you would get your original letter back again unencrypted!
6- Reverse Journey
The reflected signal now passes back through the rotors, which work in exactly the same way in reverse. So our letter 'D' passes through the left rotor and becomes 'G', which then passes through the middle rotor and becomes 'R', which then passes through the right rotor and becomes 'W'. The signal remains unchanged as it passes through the static rotor again (connecting contacts to wires), before it passes through the plugboard - here the signal is again left as it is if there is no plug, or changed if the letter 'W' is plugged to another letter. In our case the 'W' is plugged to the letter 'G', so our plugboard output is 'G'.
7- Lampboard
The final stop is the lampboard, where the plugboard output is connected to the corresponding lamp for that letter. In our example, the letter 'G' lights up meaning the original letter 'T' is encrypted as 'G'. Source : [1]

The Enigma machine operator notes down the output letter and then enters the next letter in the message, and so on for every letter in the message.

Bruteforce
- Introduction

Bruteforcing Enigma takes time. We can save time by locking different settings. Parker mostly leaves a lot of the settings in the video, so the bruteforce is easier, even though it is not certain he intended the searchers to use bruteforcing. It is quite a potent way to find a correct output. We are using many scripts to bruteforce Enigma, but the most viable script is the one made by lcchiocca, which is used under restricted conditions.
Online, the best simulator for M4 Enigma is this one [2]

- Flaw

To bruteforce, we are currently using two flaws of the original Enigma:
1. A letter in the input (e.g. A) can never be an A in the output (cipher text), EVEN WITH THE PLUGBOARD.
Example : Plugboard (A>Z) = Rotor 1 (Z>R) = Rotor 2 (R>Q) = Rotor 3 (Q>Z) LOOP BACK THROUGH ROTORS = Rotor 3 (Z>F) = Rotor 2 (F>S) = Rotor 1 (S=A), then go to the plugboard again = Plugboard (A=Z). The plugboard here counters itself.
2. If you assume that the first letter of the output (B) is an A in the input (A=B), you can start with this. Going on, if you assume that the second letter of the output (F) is an A in the input (F=A) and it is not true, then BOTH of the assumptions are false (A=B and F=A). These are flaws of Enigma.

- How it works
For a random output :
"AODN QIEW VANS"
The script tests every setting that is not locked (the "wildcards") and compiles the output text. After that, it forms what we call a "dump" (all the compiled results). Finally, a dictionary attack is performed and each result is scored, so we only analyze those that MAY be a potentially correct output.

Current Effort

We currently have two Enigmas.
One is from the 11b 3 1369 video.

"First image"
ACPD ENIP FJQF GQCJ FMXO FZDG
"Second image"
ZHFA FAZC COUN EFDA EFKX IDAN

And one from the patreon letter.

FARH ZOCE NQTD BDSZ SGZT WGQR GBSX JAEZ CPTO YJJH NSYP

Also, we have a fully set enigma setting in the site game.
Model: M4
Wheels: C.Gamma I - III - II
Start: X X X X
Rings: 06 01 18 08
Plugged: DI JO LU MP SW

If you want videos, check these:
- https://www.youtube.com/watch?v=G2_Q9FoD-oQ
- https://www.youtube.com/watch?v=V4V2bpZlqx8
Be careful, it is roughly right.