(Ema_0, Masking/Encryption) – Conceptually the replacement technique is trivial and very easy to apply to the data source to modify its elements. Almost all symbols are replaced by others. Only if a key value is 000 for a given index will the replacement leave the existing element. However, it is always possible to remove ‘0’ as a symbol in the keys, but this makes no sense because the hacker does not know anything. Basically, the replacement technique can be explained as follows.
The following example will help us better understand how Ema_0 works during the encryption stage using a 16 byte key.
The key is an array of bytes (thus containing values from -128 to 127 signed, or 0 to 255 if taken in unsigned format). The data source can be a byte byte-block of any length.
So the replacement algorithm will work on a 16-byte block of the same length as the key, and will simply read the key and block bytes sequentially and XOR (^) them, overwriting the data block.
Reads the value of the first byte of the key and the first byte of the first block in the data source that produces the XOR result. The result is written in place of the bytes of the copy of the data source just read. The operation is repeated, block by block, until the end of the file. Of course, the key pointer from position 15 (end of block) also returns to position 0.
Replacement is very fast, even for large files.
This technique is very useful for masking the data source when it is easy to read or when the file type is easy to recognise. It completely obscures the source itself.
Typically, substitution also changes the data source to symbols that are not present in the source.
The following is a trivial example of replacement using the 16-byte key from 0 to 15 and a 16-character string as the data source. Let the source string be [a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p]. The decimal values of the elements are taken from the ASCII table.
| KEY & DATA INDEX | KEY VALUES | DATA BEFORE REPLACEMENT | REPLACEMENT (MASKING) | DATA RESULT | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000 | 033 | a | @ | @ | |||||||||||||||
| 001 | 048 | b | R | R | |||||||||||||||
| 002 | 043 | c | H | H | |||||||||||||||
| 003 | 045 | d | I | I | |||||||||||||||
| 004 | 044 | e | I | I | |||||||||||||||
| 005 | 037 | f | C | C | |||||||||||||||
| 006 | 046 | g | I | I | |||||||||||||||
| 007 | 040 | h | @ | @ | |||||||||||||||
| 008 | 041 | i | @ | @ | |||||||||||||||
| 009 | 042 | j | @ | @ | |||||||||||||||
| 010 | 036 | k | O | O | |||||||||||||||
| 011 | 034 | l | N | N | |||||||||||||||
| 012 | 038 | m | K | K | |||||||||||||||
| 013 | 039 | n | I | I | |||||||||||||||
| 014 | 035 | o | L | L | |||||||||||||||
| 015 | 047 | p | _ | _ | |||||||||||||||
| 000 | 001 | 002 | 003 | 004 | 005 | 006 | 007 | 008 | 009 | 010 | 011 | 012 | 013 | 014 | 015 | ||||
Example of replacement at the masking/encryption stage
ASCII decimal unsigned values:
a=97, b=98, c=99, d=100 e=101, f=102, g=103, h=104, i=105, j=106, k=107, l=108, m=109, n=110, o=111, p=112
The four first replacement:
1. a=97; key(0)=33; 33^97=64=@ → data(0)
2. b=98; key(1)=48; 48^98=82=R → data(1)
3. c=99; key(2)=43; 43^99=72=H → data(2)
4. d=100; key(3)=45; 45^100=73=I → data(3)
…
With the replacement technique, the output is the string [@, R, H, I, I, C, I, @, @, @, O, N, K, I, L, _], which corresponds to the decimal values [64, 82, 72, 73, 73, 67, 73, 64, 64, 64, 79, 78, 75, 73, 76, 95]. Computationally, all that is required is to overwrite the elements of an array. Obviously, as we will see, by applying the substitution technique we will get the source string back.