
Applying ROT128 Encryption On ByteArray

July 28, 2010

Posted by Tournas Dimitrios in Actionscript.

In this post, we will look at a very simple algorithm for weak encryption. You should not use this method for real cryptographic security. However, because it is so simple to implement, the light-weight algorithm could easily escape prying eyes and avoid being the target for decryption in the first place.

I should also clarify that the term "ROT128" does not actually exist. The original idea comes from ROT13, a variant of the Caesar Cipher (named after Julius Caesar of ancient Rome who used it to encrypt messages, but it is not clear who first invented or started using the cipher).

ROT13 :
With ROT13, you obfuscate a piece of text by substituting each character with the one that is 13 positions further along in the English alphabet (A-Z), with positions wrapping back to the beginning after Z. In other words, you are rotating the positions (hence the name of the cipher). The choice of 13 positions is used because there are 26 letters (positions), which means applying ROT13 twice restores the original text. As a result, the exact same algorithm is used for both encoding and decoding. Effectively, the letter A becomes N and vice versa. Likewise, M becomes Z and vice versa, etc.

ROT128 :
With ROT128, instead of obfuscating text, we will corrupt a ByteArray object by rotating all its byte values by 128 positions each. A byte value has 256 possible positions, and so in the spirit of using the same algorithm for encoding and decoding, we will rotate values by 128 positions. Therefore, 0 becomes 128 and vice versa, 1 becomes 129 and vice versa, 127 becomes 255 and vice versa, etc.

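import flash.utils.ByteArray;

function ROT128(bytes:ByteArray):void {
	// bytes is the ByteArray object to encrypt/decrypt
	// you are modifying the object directly, not a clone
	if (bytes) {
		var j:int = bytes.length;
		while (j--) {
			// ByteArray keeps only the low 8 bits, so the sum wraps modulo 256
			bytes[j] += 128;
		}
	}
}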

As you can see, the algorithm is very simple. The ROT128 function listed above is intended for reference only. You don’t even really need to create such a function since you can easily sneak the code in-line into the part(s) of your application code where it will actually be used. After all, if your SWF is decompiled, having a function named ROT128() is more likely to alert the hacker to the usage of the cipher.

Partial ROT128 :
Sometimes, less is more. Instead of applying ROT128 to every byte in the ByteArray object, you may choose a variant of it: apply it to just the first 50%, the last 50%, the first and last 1024 bytes, every second byte, etc. Doing so makes the cipher slightly more complex, yet requires only a slight change to the code (the condition of the loop).

Instead of rotating by 128 positions, you can choose to rotate by some other number between 1 and 127. Of course, 128 is the only number that will allow you to use the exact same code for encoding and decoding. Using any other number would require opposite operations: if you increment for encoding, then you need to decrement for decoding.
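
The rotation described above, as an added example that is not part of the original post, written in JavaScript because a Uint8Array wraps values modulo 256 in the same way as a ByteArray write. It shows the rotate/unrotate pair for any amount, that rotating by 128 is the same as flipping the top bit of each byte, and why the scheme gives no real security: one known file signature reveals the rotation amount. All function names are hypothetical and the sample bytes are constructed.

```javascript
// Added illustration (not from the original post). Function names are hypothetical.
// Uint8Array stores only the low 8 bits of a write, like ByteArray's [] operator.

// Rotate every byte of buf[start, end) by n positions, in place.
function rotateBytes(buf, n, start = 0, end = buf.length) {
  for (let i = start; i < end; i++) {
    buf[i] = buf[i] + n; // wraps modulo 256 on assignment
  }
  return buf;
}

// Decoding a rotation by n is a rotation by 256 - n; for n = 128 both are the same.
function unrotateBytes(buf, n, start = 0, end = buf.length) {
  return rotateBytes(buf, 256 - (n % 256), start, end);
}

// Rotation by 128 only flips the top bit of each byte, i.e. XOR with 0x80.
function flipTopBit(buf) {
  for (let i = 0; i < buf.length; i++) buf[i] ^= 0x80;
  return buf;
}

// Why this is not encryption: one known plaintext byte (here the first byte of
// a file signature) yields the rotation amount; the rest only confirm it.
function recoverRotation(obfuscated, knownPrefix) {
  const n = (obfuscated[0] - knownPrefix[0] + 256) % 256;
  for (let i = 0; i < knownPrefix.length; i++) {
    if (((knownPrefix[i] + n) & 0xff) !== obfuscated[i]) return -1; // not a plain rotation
  }
  return n;
}

// Constructed sample: the 8-byte PNG signature followed by four arbitrary bytes.
const PNG_SIG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
function demo() {
  const original = Uint8Array.from([...PNG_SIG, 1, 2, 3, 4]);
  const rot128 = rotateBytes(Uint8Array.from(original), 128);
  const rot37 = rotateBytes(Uint8Array.from(original), 37);
  return {
    sameAsXor: rot128.join() === flipTopBit(Uint8Array.from(original)).join(),
    selfInverse: rotateBytes(Uint8Array.from(rot128), 128).join() === original.join(),
    decoded37: unrotateBytes(Uint8Array.from(rot37), 37).join() === original.join(),
    recovered: [recoverRotation(rot128, PNG_SIG), recoverRotation(rot37, PNG_SIG)],
  };
}
```

The optional `start` and `end` arguments cover the partial variants; a partial rotation that includes the start of the file is identified by the same signature check.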

