OBAKE Cryptanalysis: Code-Injection


In this attack, the actor researches the code to discover where and how to change some critical step of the algorithm (or program), causing an undetected and predictable malfunction that serves his goals. The change may leak the user's key to a remote location or file, weaken the encryption by bypassing several rounds or critical steps, or even replace large portions of code so that a specific function is performed (or not).

Two of the most well-known code injection attacks are carried out by malicious artifacts (malware/viruses) and by "patches" used to hack legitimate software. Both pre-analyze the target and then replace parts of the program's compiled structure with their malicious code, or add that code to it.

The OBAKE application is protected against this attack by performing a complete integrity check of its entire bundle. Any modification (even a single byte) raises an error and prevents the user from executing the application. A side effect of this protection is that it also indicates whether any malware has invaded OBAKE or one of its libraries.

See a demo of this protection here.
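
A minimal sketch of a whole-bundle integrity check of the kind described above, as an added example and not OBAKE's own code. The file names, the key and the HMAC-sealed SHA-256 manifest are assumptions made for illustration; HMAC stands in here for the public-key signature a shipped product would typically verify.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def build_manifest(root):
    """Map every file under root (POSIX relative path) to the SHA-256 of its bytes."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def seal(manifest, key):
    """Authenticate the manifest so it cannot simply be regenerated after a patch."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify_bundle(root, manifest, tag, key):
    """Return a sorted list of findings; an empty list means the bundle is intact."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        return ["manifest: authentication tag mismatch"]
    current = build_manifest(root)
    findings = []
    for rel in sorted(set(manifest) | set(current)):
        if rel not in current:
            findings.append(f"{rel}: missing")
        elif rel not in manifest:
            findings.append(f"{rel}: unexpected file")
        elif current[rel] != manifest[rel]:
            findings.append(f"{rel}: modified")
    return findings

def demo():
    """Constructed two-file bundle, checked before and after tampering."""
    key = b"constructed-demo-key"  # assumption: placeholder key for this example
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        for rel in ("app.bin", "lib/crypto.so"):
            (root / rel).write_bytes(rel.encode() + bytes(64))
        manifest = build_manifest(root)
        tag = seal(manifest, key)
        clean = verify_bundle(root, manifest, tag, key)
        patched = bytearray((root / "lib/crypto.so").read_bytes())
        patched[20] ^= 0x01  # flip a single bit in one library
        (root / "lib/crypto.so").write_bytes(patched)
        (root / "lib/extra.so").write_bytes(b"x")  # file absent from the manifest
        tampered = verify_bundle(root, manifest, tag, key)
        forged = verify_bundle(root, build_manifest(root), tag, key)  # new manifest, old tag
    return clean, tampered, forged

if __name__ == "__main__":
    print(demo())
```

The third result shows why the manifest itself must be authenticated: hashing the patched bundle again yields a self-consistent manifest, and only the tag mismatch exposes it.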

Regarding the OBAKE-512 algorithm, any change to its code (if that were possible) compromises its functionality, because of a series of tightly chained integrity-checking processes.

Therefore, this type of attack on the OBAKE application and the OBAKE-512 algorithm is impractical.
