{"guid":"NzaYFnLUYCWw9gjG_KMgsQ","title":"Reverse engineering of CHIASMUS from GSTOOL","subtitle":"It hurts.","slug":"30C3_-_5307_-_en_-_saal_2_-_201312271400_-_reverse_engineering_of_chiasmus_from_gstool_-_jan_schejbal","link":"http://events.ccc.de/congress/2013/Fahrplan/events/5307.html","description":"We reverse-engineered one implementation of the non-public CHIASMUS cipher designed by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, short BSI). This did not only give us some insight on the cipher, but also uncovered serious implementation issues in GSTOOL which allow attackers to crack files encrypted with the GSTOOL encryption function with very little effort.\n","original_language":"eng","persons":["Jan Schejbal"],"tags":["30c3","Security \u0026 Safety"],"view_count":434,"promoted":false,"date":"2013-12-27T01:00:00.000+01:00","release_date":"2013-12-28T01:00:00.000+01:00","updated_at":"2026-04-17T08:00:02.936+02:00","length":2906,"duration":2906,"thumb_url":"https://static.media.ccc.de/media/congress/2013/5307-h264-hq.jpg","poster_url":"https://static.media.ccc.de/media/congress/2013/5307-h264-hq_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2013/NzaYFnLUYCWw9gjG_KMgsQ-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2013/NzaYFnLUYCWw9gjG_KMgsQ-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/30C3_-_5307_-_en_-_saal_2_-_201312271400_-_reverse_engineering_of_chiasmus_from_gstool_-_jan_schejbal","url":"https://api.media.ccc.de/public/events/NzaYFnLUYCWw9gjG_KMgsQ","conference_title":"30C3","conference_url":"https://api.media.ccc.de/public/conferences/30c3","related":[{"event_id":1490,"event_guid":"import-d38b66f7dfefe277e4","weight":1},{"event_id":1505,"event_guid":"import-aab17311f8754984a4","weight":1},{"event_id":1571,"event_guid":"import-d31b8d9b757884b585","weight":1},{"event_id":1723,"event_guid":"4xOGbMd8E3ezI9zpD6BO4A","weight":2},{"event_id":1743,"event_guid":"i5TMBRf_-3TiDrceuY3osQ","weight":1},{"event_id":1748,"event_guid":"ufJTu-pu8QBUtd-bji9tmw","weight":1},{"event_id":1766,"event_guid":"R5Vdbjtyg_hFVmSLcqSJfg","weight":1},{"event_id":1792,"event_guid":"HsPfR-yh7Zg-N6kQo58UIQ","weight":1},{"event_id":1798,"event_guid":"0wIAXwCTvHhMFKucqslNxg","weight":1},{"event_id":1800,"event_guid":"gL8lRFVpn8NFFfATsOn7Bw","weight":1},{"event_id":1802,"event_guid":"PPVcroSxtnY9RfXjkEmxGA","weight":1},{"event_id":1807,"event_guid":"wGEf2KpP3_UU4Qm0vrtz1g","weight":1},{"event_id":1814,"event_guid":"3HEv_YYlkY2P_y1pKfU7fA","weight":1},{"event_id":1831,"event_guid":"shKT8wmGW3LurqOCDmbZyg","weight":1},{"event_id":1835,"event_guid":"xdX27wLbHpeOU_dSgBO4Hg","weight":1},{"event_id":1836,"event_guid":"SKDne_Zu6SPJc-ADxqiLnA","weight":1},{"event_id":1841,"event_guid":"wX415KPkBVf8zeBPWdqT2Q","weight":1},{"event_id":1849,"event_guid":"qU7LRRIvEiZBJAvAY5z_Ig","weight":1},{"event_id":1989,"event_guid":"4NABdZ7ki6qrAcGzcGtrqQ","weight":1},{"event_id":2082,"event_guid":"exuQFfNR0oVP49Bt6g8kPQ","weight":1},{"event_id":2088,"event_guid":"Ly09NwGnDZJ6UbrcE04S5g","weight":1},{"event_id":2170,"event_guid":"DvpNPWPGVgSqGcOI1WK45g","weight":1},{"event_id":2410,"event_guid":"5ea04767-ac2f-49f0-8525-906b548777d8","weight":1},{"event_id":2528,"event_guid":"6393a33b-889d-4850-b0e3-cbc7caeab1cb","weight":1},{"event_id":2540,"event_guid":"cd66723d-23cc-40e7-9b76-f9b38dc576ab","weight":1},{"event_id":2578,"event_guid":"fb3204b2-7e48-4202-89b8-b5c9ab7eeb03","weight":1},{"event_id":2747,"event_guid":"619c0d60-3839-4082-b497-01eb3206fb2e","weight":1},{"event_id":2755,"event_guid":"6733848c-84b1-4aa2-af57-820cbc5687e7","weight":1},{"event_id":2867,"event_guid":"341d7c6a-a8c0-47ec-8c24-4f6fc8639f3f","weight":1},{"event_id":2944,"event_guid":"5fb6f7b5-c237-4b64-b786-85e4c95f13ad","weight":2},{"event_id":3080,"event_guid":"2891aad4-3150-4d3b-b09e-1286470af1d3","weight":1},{"event_id":3091,"event_guid":"e5a914f1-2ad7-430b-b9f5-b0f0e9006456","weight":1},{"event_id":3093,"event_guid":"1682d8d8-6446-4629-ba26-3a5cd7157c67","weight":1},{"event_id":3244,"event_guid":"6a272039-1cce-5108-8c6c-6f993f74a524","weight":1},{"event_id":3254,"event_guid":"7eab2c8e-e7c8-5687-a77f-05ecd52f26cc","weight":1},{"event_id":3284,"event_guid":"30f92431-8ec3-51df-bd4f-e04df6d1b304","weight":1},{"event_id":3598,"event_guid":"f75d0531-ac47-4edd-99bd-9eadd836982a","weight":1},{"event_id":4784,"event_guid":"65a25dfd-56dd-4e87-a910-334e2dc25a9c","weight":1},{"event_id":4785,"event_guid":"4c4af291-e9ed-4dc9-8b2e-9062db9924fa","weight":1},{"event_id":4791,"event_guid":"8d29d28d-a222-4731-bdfc-fde590385cae","weight":1},{"event_id":4794,"event_guid":"a2887b4a-0c9d-4220-a52f-c65c20ae25d7","weight":1},{"event_id":4817,"event_guid":"be19fbe3-e825-4e67-93f9-a6aeda2e31af","weight":1},{"event_id":4836,"event_guid":"7308816a-1e3d-4dc6-99e8-b512da95bcf1","weight":1},{"event_id":4844,"event_guid":"5c5e888e-4556-405b-a205-e59b97db99e1","weight":1},{"event_id":4866,"event_guid":"117a52b4-f675-49dd-aafe-659c07b6bc9c","weight":1},{"event_id":4876,"event_guid":"dec6a7e0-2651-4bb5-8300-977795e901ed","weight":1},{"event_id":4884,"event_guid":"416409b8-e09e-4717-bb2d-bba218d6f2f1","weight":1},{"event_id":4934,"event_guid":"4d3d9d56-7617-44da-b620-21ce5389a0b2","weight":2},{"event_id":5124,"event_guid":"724a3f03-abbd-5052-bfee-e3c28380e8e0","weight":1},{"event_id":5319,"event_guid":"53333844-334d-2020-2020-202020202020","weight":1},{"event_id":5326,"event_guid":"ca1800bf-221d-5084-86ea-cbf946d18e04","weight":1},{"event_id":5331,"event_guid":"6057325d-54d0-59d1-929e-880ee1320044","weight":1},{"event_id":5332,"event_guid":"ea7536ab-518e-5ec3-a897-7de5b1cc90cf","weight":1},{"event_id":5339,"event_guid":"0e85db0d-afc2-5826-a0ad-7189ffc80601","weight":1},{"event_id":5351,"event_guid":"3ff65726-0f21-56a6-893e-19a11bdacaf5","weight":1},{"event_id":5356,"event_guid":"6b10f088-835c-580f-875b-f6e5c4cce985","weight":1},{"event_id":5367,"event_guid":"f738088c-f2cf-54ab-a6cd-f3f5c5cc8481","weight":1},{"event_id":5369,"event_guid":"0e0586a7-c3fe-5267-ab12-c2450b961bce","weight":1},{"event_id":5407,"event_guid":"682090d6-32cf-52cd-9c58-c49a9c732200","weight":1},{"event_id":5830,"event_guid":"1f3a0237-0515-4cdb-90ac-d57f7bc85586","weight":1},{"event_id":5862,"event_guid":"ede0cf3c-7349-5c9d-875f-2a4e48e58b42","weight":1},{"event_id":5882,"event_guid":"5d51e9a5-ea43-5c16-b3e3-ca9d44f95795","weight":1},{"event_id":8040,"event_guid":"4f5dbd77-d923-46da-b158-cfc4a11bd611","weight":1}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"DRAFT_30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL.en_DRAFT.srt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2022-01-24T22:40:39.247+01:00","recording_url":"https://cdn.media.ccc.de/congress/2013/DRAFT_30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL.en_DRAFT.srt","url":"https://api.media.ccc.de/public/recordings/52202","event_url":"https://api.media.ccc.de/public/events/NzaYFnLUYCWw9gjG_KMgsQ","conference_url":"https://api.media.ccc.de/public/conferences/30c3"},{"size":null,"length":2906,"mime_type":"audio/opus","language":"eng","filename":"30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_opus.opus","state":"downloaded","folder":"opus","high_quality":true,"width":0,"height":0,"updated_at":"2014-11-11T12:42:54.575+01:00","recording_url":"https://cdn.media.ccc.de/congress/2013/opus/30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_opus.opus","url":"https://api.media.ccc.de/public/recordings/4714","event_url":"https://api.media.ccc.de/public/events/NzaYFnLUYCWw9gjG_KMgsQ","conference_url":"https://api.media.ccc.de/public/conferences/30c3"},{"size":null,"length":2906,"mime_type":"video/mp4","language":"eng","filename":"30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_h264-iprod.mp4","state":"downloaded","folder":"mp4-lq","high_quality":false,"width":512,"height":288,"updated_at":"2016-01-26T08:07:13.115+01:00","recording_url":"https://cdn.media.ccc.de/congress/2013/mp4-lq/30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_h264-iprod.mp4","url":"https://api.media.ccc.de/public/recordings/4577","event_url":"https://api.media.ccc.de/public/events/NzaYFnLUYCWw9gjG_KMgsQ","conference_url":"https://api.media.ccc.de/public/conferences/30c3"},{"size":null,"length":2888,"mime_type":"audio/mpeg","language":"eng","filename":"30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_mp3.mp3","state":"downloaded","folder":"mp3","high_quality":true,"width":640,"height":360,"updated_at":"2014-06-29T00:22:05.585+02:00","recording_url":"https://cdn.media.ccc.de/congress/2013/mp3/30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/3456","event_url":"https://api.media.ccc.de/public/events/NzaYFnLUYCWw9gjG_KMgsQ","conference_url":"https://api.media.ccc.de/public/conferences/30c3"},{"size":null,"length":2906,"mime_type":"video/mp4","language":"eng","filename":"30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_h264-hq.mp4","state":"downloaded","folder":"mp4","high_quality":true,"width":640,"height":360,"updated_at":"2016-01-27T11:03:56.193+01:00","recording_url":"https://cdn.media.ccc.de/congress/2013/mp4/30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_h264-hq.mp4","url":"https://api.media.ccc.de/public/recordings/3455","event_url":"https://api.media.ccc.de/public/events/NzaYFnLUYCWw9gjG_KMgsQ","conference_url":"https://api.media.ccc.de/public/conferences/30c3"},{"size":null,"length":2906,"mime_type":"video/webm","language":"eng","filename":"30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_webm.webm","state":"downloaded","folder":"webm","high_quality":true,"width":640,"height":360,"updated_at":"2016-01-27T11:03:56.227+01:00","recording_url":"https://cdn.media.ccc.de/congress/2013/webm/30c3-5307-en-Reverse_engineering_of_CHIASMUS_from_GSTOOL_webm.webm","url":"https://api.media.ccc.de/public/recordings/3454","event_url":"https://api.media.ccc.de/public/events/NzaYFnLUYCWw9gjG_KMgsQ","conference_url":"https://api.media.ccc.de/public/conferences/30c3"}]}