# Didier Stevens

## Thursday 28 December 2006

### Brute Forcing Enigma

Filed under: My Software — Didier Stevens @ 12:32

A colleague of mine is getting married and her friends gave her a bunch of puzzles to solve. One puzzle is about the Enigma cipher machine, that’s why she asked me for help.

She has to go to this page (a flash simulation of the Enigma cipher machine) and solve this puzzle: If ANSWER is YRKRHL, then insert ENIGMA into enigma to find the answer…

It was immediately clear to me that we were dealing with a KPA: find the key (Enigma cipher machine configuration) that encrypts ANSWER into YRKRHL, and then we’ll be able to find the encrypt ENIGMA.

I quickly wrote a C# program to brute force all the starting positions (AAA – ZZZ), based on this article. At first my program didn’t find a solution, so I added brute forcing of the rotors and steckers configuration. By then my colleague had received a hint from her friends, which allowed us to set the correct configuration of the rotors, starting positions and steckers.

The funny thing is that my program found several other solutions:

Solution: rotor 243 key JRP steckers ACLX cleartext ANSWER ciphertext YRKRHL
cleartext2 ENIGMA ciphertext2 JRHSCB
cleartext2 ENIGMA ciphertext2 IRLHUN
Solution: rotor 234 key UHH steckers AGJS cleartext ANSWER ciphertext YRKRHL
cleartext2 ENIGMA ciphertext2 XRNBIK
Solution: rotor 234 key UHH steckers AGKU cleartext ANSWER ciphertext YRKRHL
cleartext2 ENIGMA ciphertext2 XRNBIU
Solution: rotor 321 key ESM steckers AHFY cleartext ANSWER ciphertext YRKRHL
cleartext2 ENIGMA ciphertext2 BRDHAQ
Solution: rotor 125 key HMH steckers AHRU cleartext ANSWER ciphertext YRKRHL
cleartext2 ENIGMA ciphertext2 QRYFNZ

MD5: A9FEBBABA207E7C3790D075FD3A3D22B

1. I’m the writer of that article. I’m glad my work was of use to you.

P.S.
The Reich would not have any chance in out times :))

Comment by Adi Clepcea — Thursday 28 December 2006 @ 13:24

2. I have been interested in how the Enigma code was broken for some time and your program looks good. Presumably you need to run it from the command line? I will give it a try and see how I get on.

Comment by Anonymous — Wednesday 24 August 2011 @ 8:12

3. Didier

I’m very interested in this piece of software. My only question is, how do you use it?

Thanks.

Comment by Chris Miles — Friday 26 August 2011 @ 6:35

4. @Chris Did you try to run it?

Comment by Didier Stevens — Friday 26 August 2011 @ 17:44

5. Yes, I’m trying to run it using the command line interface in XP. It keeps throwing up an error that the cleartext and ciphertext command line arguments are missing. Presumably when typing “bruteforceenigma” to start the program, somehow I need to follow it with the cleartext and ciphertext that I wish the program to find the enigma machine settings for? If you could provide me with a step by step guide on how the program works that would be great. Thanks for your help and for the program itself.

Chris

Comment by Chris Miles — Tuesday 30 August 2011 @ 6:50

6. @Chris Here’s an example: BruteForceEnigma.exe /clearText:ENIGMA /cipherText:YRKRHL

Comment by Didier Stevens — Tuesday 30 August 2011 @ 17:31

7. Thanks I am now able to run it successfully.

Chris

Comment by Chris Miles — Friday 2 September 2011 @ 7:04

8. Hey, I know this is an old program, but I’d love it if you could answer a question. Is there some way to modify this to have fixed rotors? I know that I need to use I-II-III, and I know there are no steckers, so I just need the key. Is that possible?

Comment by zeppelincaptain — Sunday 7 June 2015 @ 21:51

9. Yes, the source code is included.

Comment by Didier Stevens — Sunday 7 June 2015 @ 21:56

10. Im on a mac so i cant use this, i was wondering if anyone would be willing to decode an enigma code for me, the code is as follows
MDY ZNIG IHPE SOCV UAWZ HXNL KAVG HMK
would be much appreciated, thank you.

Comment by Zachary Schenkman — Friday 30 September 2016 @ 2:00

11. Try to run this with Mono on hour Mac.

Comment by Didier Stevens — Friday 30 September 2016 @ 6:33

12. your program is really cool, but when searching the plug settings it you can’t check for example: AC AB, because A is already used by AC. Or am I just misunderstanding something.

Comment by Anonymous — Friday 20 April 2018 @ 17:01

13. I know this is old, but I believe there is a bug.

Using rotors I, II, and III with no steckers. Keys OFW and NEW should encrypt/decrypt to the same thing.

Middle rotor E is a notch setting. The enigma rules say that if the middle rotor is a notch setting, then ALL THREE rotors turn. I don’t think your code does this. I think it only turns two rotors.

You can verify this using an online simulator.

That said, this code has been super useful to me and I appreciate you making it public!

Comment by Adman — Sunday 13 December 2020 @ 3:39

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.