def encryption_oracle_ecb_cbc(bt):
key = crypto_random_bytes(16)
iv = crypto_random_bytes(16)
mode = choice(['ecb', 'cbc'])
begin_pad = crypto_random_bytes(random_integer(5, 10))
end_pad = crypto_random_bytes(random_integer(5, 10))
to_encrypt = pad_to_mod_16(begin_pad + bt + end_pad)
if mode == 'ecb':
ciphertext = encrypt_aes_128_ecb(to_encrypt, key)
else:
ciphertext = encrypt_aes_cbc(to_encrypt, key, iv)
# do not cheat, use mode for validation only
return ciphertext, mode
def encryption_oracle():
key = random_integer(0, 2**16 - 1)
prefix = crypto_random_bytes(random_integer(0, 200))
message = prefix + b"A" * 14
ciphertext = cipher_encrypt(message, key)
return key, ciphertext
def main():
key = crypto_random_bytes(16)
message = string_to_bytearray("Commitment")
h1 = sha1_keyed_mac(key, message)
h2 = sha1_keyed_mac(key, message + b"X")
if h1 and h2 and h1 != h2:
print("challenge 4.28 completed.")
else:
print("challenge 4.28 failed.")
import sys
import web
sys.path.insert(0, '../set_1_basics')
sys.path.insert(0, '../set_2_block_crypto')
sys.path.insert(0, '../set_3_block_stream_crypto')
from utils import crypto_random_bytes, random_integer, chunks_of_bytearray
import hashed_mac
import time
import threading
import requests
from collections import Counter
from break_hmac_sha1_artificial_timing_leak import sign, verify, default_timing, time_signature, test_signature, MyWebserver
from operator import itemgetter
ARTIFICIAL_TIMING = 0.005
KEY = crypto_random_bytes(64)
def break_byte(signature_to_break, so_far, nr_traces=25):
overhead = default_timing()
results = []
for byte_candidate in range(256):
signature_to_break[so_far] = byte_candidate
exps = []
for i in range(nr_traces):
t = time_signature(signature_to_break)
exps.append(t)
results.append((byte_candidate, sum(exps) / len(exps)))
import sys
sys.path.insert(0, '../set_1_basics')
from utils import crypto_random_bytes, base64_to_bytearray, string_to_bytearray, random_integer
from pkcs7_padding import pad_to_mod_16, unpad_pkcs7
from aes_cbc_mode import decrypt_aes_cbc, encrypt_aes_cbc
from utils import str2bin, bin2str
oracle_key = crypto_random_bytes(16)
iv = crypto_random_bytes(16)
def encrypt_user_data_cbc(user_data):
user_data = user_data.replace(";", "")
user_data = user_data.replace("=", "")
plaintext = "comment1=cooking%20MCs;userdata=" + user_data + ";comment2=%20like%20a%20pound%20of%20bacon"
to_encrypt = pad_to_mod_16(string_to_bytearray(plaintext))
return encrypt_aes_cbc(to_encrypt, oracle_key, iv)
def decrypt_and_check_admin(ciphertext):
plaintext = decrypt_aes_cbc(ciphertext, oracle_key, iv)
plaintext = unpad_pkcs7(plaintext)
return b';admin=true;' in plaintext
def flip_bit(ciphertext, ix):
assert type(ciphertext) is bytearray
ciphertext_copy = bytearray(ciphertext)
import sys
sys.path.insert(0, '../set_1_basics')
from utils import crypto_random_bytes, base64_to_bytearray, string_to_bytearray, random_integer
from aes_ecb_mode import encrypt_aes_128_ecb
from pkcs7_padding import pad_to_mod_16
from ecb_cbc_detection_oracle import detection_oracle
import byte_at_a_time_ecb_decryption_simple as byte_at_a_time_simple
from utils import chunks_of_bytearray
from itertools import groupby
oracle_key = crypto_random_bytes(16)
secret_b64_string = '''
Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg
aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq
dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg
YnkK
'''
secret = base64_to_bytearray(secret_b64_string)
padding = crypto_random_bytes(random_integer(1, 30))
def encryption_oracle_ecb(plaintext):
to_encrypt = pad_to_mod_16(padding + plaintext + secret)
return encrypt_aes_128_ecb(to_encrypt, oracle_key)
def _check_magic_blocks_number(magic, ct, block_size):
blocks = chunks_of_bytearray(ct, block_size)
repeating_blocks_grouped = [list(j) for i, j in groupby(blocks)]
repeating_blocks_sizes = [len(i) for i in repeating_blocks_grouped]
import sys
sys.path.insert(0, '../set_1_basics')
sys.path.insert(0, '../set_2_block_crypto')
sys.path.insert(0, '../set_3_block_stream_crypto')
from utils import crypto_random_bytes, random_integer, chunks_of, string_to_bytearray
import sha1_keyed_mac as sha1_km
import struct
key = crypto_random_bytes(random_integer(8, 64))
def sign(message):
return sha1_km.sha1_keyed_mac(key, message)
def verify_signature(sig, message):
return sig == sha1_km.sha1_keyed_mac(key, message)
def verify_signature_admin(sig, message):
return verify_signature(sig, message) and b"admin=true" in message
def get_sha_registers_from_signature(signature_hex):
ch = list(chunks_of(signature_hex, 8))
h0 = int("".join(ch[0]), 16)
h1 = int("".join(ch[1]), 16)
h2 = int("".join(ch[2]), 16)
h3 = int("".join(ch[3]), 16)
h4 = int("".join(ch[4]), 16)
def send_encrypted_message(self, message):
key = self.hkdf()
iv = crypto_random_bytes(16)
ciphertext = encrypt_aes_cbc(message, key, iv)
return ciphertext, iv
messages = [
"MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=",
"MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=",
"MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==",
"MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==",
"MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl",
"MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==",
"MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==",
"MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=",
"MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=",
"MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93"
]
BLOCK_SIZE = 16
ORACLE_KEY = crypto_random_bytes(BLOCK_SIZE)
ORACLE_IV = crypto_random_bytes(BLOCK_SIZE)
def cbc_encryption_oracle():
messages_encrypted = []
for message in messages:
message_to_encrypt = base64_to_bytearray(message)
message_to_encrypt_padded = pad_to_mod_16(message_to_encrypt)
ciphertext = encrypt_aes_cbc(message_to_encrypt_padded, ORACLE_KEY, ORACLE_IV)
messages_encrypted.append(ciphertext)
return messages_encrypted
def cbc_padding_oracle(ciphertext):
plaintext_padded = decrypt_aes_cbc(ciphertext, ORACLE_KEY, ORACLE_IV)
key_length, ciphertext = create_repeating_key_ciphertext(ciphertexts)
chunks = unequal_chunks(ciphertext, key_length)
xor_ciphers = transpose_chunks(chunks)
key_used = []
for xor_cipher in xor_ciphers:
score, message, key = break_xor_cipher(xor_cipher,
alpha_and_printable_heuristic)
key_used.append(key)
return key_used
BLOCK_SIZE = 16
KEY = crypto_random_bytes(BLOCK_SIZE)
NONCE = bytearray([0] * 8)
with open('20.txt', 'r') as f:
lines = f.readlines()
messages_b64 = [line.replace("\n", "") for line in lines]
messages = [base64_to_bytearray(i) for i in messages_b64]
ciphertexts = [encrypt_aes_ctr(i, KEY, NONCE) for i in messages]
key_stream_length = max([len(i) for i in ciphertexts])
key_stream = [0] * key_stream_length
def main():
key_stream = break_ctr(ciphertexts)
