-----BEGIN PGP SIGNED MESSAGE-----

Contraband 9g

First I performed a binary compare of the two images. I
noted that the differences were in the range 3F-150B. That's
5324 bytes. We can be quite sure that the actual number of
bytes is very close to this number because there is a 0.5
chance of being one byte more, 0.25 chance of being 2 bytes
more etc. We know the length of the file is 587 bytes so
5324/587 gives 9.
Now, we know from looking at the source code that:

Block size = 8 + (digit 2 of PIN) mod 4

i.e. PIN(2) = 1 (mod 4) => PIN(2) = 1, 5 or 9 (considering
digits only)

I became rather lazy now and opted for the brute force
method. Since there are only 10 digits to search through, I
just did this by hand. I tried values x100 until I got an
output file of the right length. Now as the encryption used
by Contraband is merely a simple XOR with a one byte key,
decrypting the file is trivial. However, since we are told
that the file contains URLs and ';;?u`` matches marvellously
the http:// we are expecting we can perform a known
plaintext attack. I decrypted using a utility I wrote a
while ago, but you can do the same using HIEW by XORing the
first byte with 'h' and then noting the value 'O'. Then xor
the rest of the file using the value 'O' to get it in
decrypted form.

It wouldn't be difficult to write a program to automate a
lot of these steps as a lot of the code you need is already
written for you in the source of Contraband itself!

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQEVAwUBNK5wgf2BzbC3j9ThAQF71AgArrbMqLWsDgI7q9MC8VU8Yu7R2uS5MpPN
iiXNihrgL8KpNS1FfToZdfcB1IubFxZn17TX+bhWYUblhHoKS0wxL+icfqMZguri
nTDa4uqWVMvKv1Ii7J0pS1AKkjrOSpSWaZB8H7SDWCYF4MwlELxhJAM8CKJIasbQ
IKTKjnhRgE2JMdiDyr9Nmg9sEcDMVNzEdrJm0ZU4JKFw59mcimoALf4B/r76KlUj
c9dmB0vvi0IziSIplYGOV/PRHdqJgzaS/PceWMKCJVdWuaz3hhgdVshOnhJGzvY8
cFUU3HaeV+z8c/UdofRIoSeE+jqoOJYLPIvPfbqrEoHogX3JizRDig==
=iT76
-----END PGP SIGNATURE-----