This article deals with operational attacks leaded against cryptographic tools. Problem is approached from several point of view, the goal being always to retrieve a maximum amount of information without resorting to intensive cryptanalysis. Therefore, focus will be set on errors, deliberate or not, from the implementation or the use of such tools, to information leakage.
First, straight attacks on encryption keys are examined. They are searched in binary files, in memory, or in memory files (such as hibernation files). We also show how a bad initialization on a random generator sharply reduces key entropy, and how to negate this entropy by inserting backdoors.
Then, we put ourselves in the place of an attacker confronted to cryptography. He must first detect such algorithms are used. Solutions for this problem are presented, to analyze binary files as well as communication streams.
Sometimes, an attacker can only access encrypted streams, without having necessary tools to generate such a stream, and is unable to break the encryption used. In such situations, we notice that it often remains information leakages which appear to be clearly interesting. We show how classic methods used in network supervision, forensics and sociology while studying social networks bring pertinent information. We build for example socio-grams able to reveal key elements of an organization, to determine the type of organization, etc.
The final part puts in place the set of results obtained previously through the analysis of a closed network protocol. Packet format identification relies on the behavioural analysis of the program, once all the cryptographic elements have been identified.